Senior Application Security Lead
“The limit of our growth is going to be our imagination and product ideas – not technology.” – Mohit Kapoor, CTO
What we’ll bring:
- A welcoming and energetic environment that encourages collaboration and innovation. We consistently explore new technologies and tools to be agile.
- Flexible time off, workplace flexibility, an environment that welcomes continued professional growth through support of tuition reimbursement, conferences and seminars.
- Our culture encourages our people to hone current skills and build new capabilities.
- As part of the Global Information Security team, you will support applications across the globe. An emphasis will be placed on products out of TransUnion Interactive (TUI)—products that help our customers monitor critical changes in their credit by assisting them with debt analysis, identity theft protection features, and money management tools.
What you’ll bring:
- At least 5 years’ experience in application development (Java EE, Python, web APIs, C++/C#, .NET, and/or Linux scripting)
- At least 3 years’ experience with Application Security and Application Penetration Testing
- Strong understanding of a variety of application development architectures, platforms, methodologies, and supporting operating systems
- Strong understanding of web hosting platforms and web services (AWS preferred).
- Working knowledge of remediation methods (OWASP Top 10 at a minimum)
- Understanding of enterprise computing environments, distributed applications, and container technology (Docker preferred)
- Exceptional interpersonal and communication skills
- Experience working in a team-oriented, collaborative environment and ability to present ideas in user-friendly language
- Bachelor’s Degree in Computer Science or equivalent experience
We’d love to see:
- Familiarity or experience with CI/CD
- Any of the following certifications are desired: GWAPT, GWEB, OSCP, CISSP, CSSLP, or similar advanced security certification
Impact you’ll make:
- Conduct tests to evaluate and demonstrate the impact of software misconfiguration and vulnerabilities on in-house applications.
- Model attacker behavior and help teams evaluate their resilience to known attack methodologies.
- Provide expert-level security consultation to project teams, application owners, and general technology teams on relevant security controls and Secure-SDLC process requirements.
- Build and monitor systems that ensure application security policies, coding standards and required security controls are being followed and appropriately mitigating threats.
- Assist with required security education initiatives and foster a security-conscious culture within AppDev teams.
- Develop, enhance, and participate, as needed, in the security portion of the Secure-SDLC.
- Analyze and provide remediation guidance for identified vulnerabilities; validate and verify remediation implementation.
- Participate in and lead Information Security projects to expand AppSec capabilities.