Lead Application Security Engineer
What We'll Bring
At TransUnion, we have a welcoming and energetic environment that encourages collaboration and innovation. We’re consistently exploring new technologies and tools. This environment gives our people the opportunity to hone current skills and build new capabilities, while discovering their genius.
As a Lead Application Security Engineer, you will be responsible for architecting, deploying, and maintaining a global technology infrastructure to support application testing and scanning. You will play a key role in deploying the infrastructure and defining the processes to establish a global scanning environment. As a Lead Application Security Engineer, you will be responsible for ensuring comprehensive coverage of the application scanning toolset across various architectures and platforms in support of our Attack Surface Reduction team.
Come be a part of our team – you’ll work with great people, pioneering products, and deploy cutting-edge technology.
What You'll Bring
3+ years of experience architecting, deploying, and maintaining global scanning infrastructures
2+ years of experience deploying and maintaining DAST, SAST, or IAST solutions in public cloud environments (AWS and Azure)
Hands-on experience with various DAST, SAST, or IAST solutions (e.g., AppScan, BlackDuck, Checkmarx, Netsparker, Seeker, Veracode, etc.)
Development experience with various scripting languages (e.g., PowerShell, Python, Unix shell scripts, etc.)
Strong understanding of networking fundamentals and familiarity with enterprise network architectures
Experience in Unix/Linux and/or Windows administration
Familiarity with Systems Lifecycle Development (SDLC) best practices
Ability to function autonomously and collaborate effectively in a fast-moving, highly matrixed, and sometimes ambiguous environment
Demonstrated excellence in providing superb customer service
Excellent verbal and written communication skills
Optional:
Knowledge of Scrum/Agile software development
Experience in DevOps environments and automating security controls into the CI/CD process
Experience with or knowledge of Jenkins or other CI tools
Experience with configuration management systems (e.g., Ansible, Puppet, etc.)
One or more relevant certifications (e.g., GPEN, GWAPT, CISSP, OSCP/OSCE/OSWE, AWS or Azure-specific certifications, etc.)
Impact You'll Make
Collaborate with the Attack Surface Reduction team to develop a scanning infrastructure strategy for long term sustainability and maintainability
Identify automation and configuration management processes to optimize global scanning operations
Develop a comprehensive backup strategy for scanning solutions and perform periodic DR testing to ensure backup efficacy
Work with the Attack Surface Reduction team to prioritize team requirements, develop execution delivery plans, and design a delivery feedback mechanism for product delivery tracking
Create robust documentation to capture FAQs and provide greater visibility into the scanning capabilities
Provide ongoing knowledge transfer and training of scanning capabilities via quarterly demos
#LI-SG1
During the COVID-19 pandemic, TransUnion has several safety protocols in place to protect associates, customers, and visitors. You may be required to be fully vaccinated against COVID-19 as a condition of employment and/or to participate in certain work-related activities. Exemption is available to qualified candidates as a reasonable accommodation.