Application Security Engineer

Date: Jun 28, 2019

Location: Greensboro, NC, US

Company: Lincoln Financial

 

 

 

   

Alternate Locations: Atlanta, GA (Georgia); Chicago, IL (Illinois); Concord, NH (New Hampshire); Fort Wayne, IN (Indiana); Greensboro, NC (North Carolina); Hartford, CT (Connecticut); Omaha, NE (Nebraska); Philadelphia, PA (Pennsylvania); Radnor, PA (Pennsylvania); Rolling Meadows, IL (Illinois)



Relocation assistance is not available for this opportunity.



Requisition #59653

 

About the Company

 

Lincoln Financial Group, a Fortune 250 company with over 10,000 employees, provides advice and solutions that help empower Americans to take charge of their financial lives with confidence. Our core business areas — Life Insurance, Annuities, Retirement Plan Services and Group Protection — focus on supporting, preserving and enhancing over 17 million customers’ lifestyles and retirement outcomes.

Headquartered in Radnor, Pennsylvania, Lincoln Financial Group is the marketing name for Lincoln National Corporation (NYSE: LNC) and its affiliates. The company had $238 billion in assets under management as of December 31, 2018.

Ranked one of the Best Large Employers in America by Forbes magazine, Lincoln Financial Group makes a serious investment in our employees’ futures through a broad range of wealth accumulation and protection plans, health and wellness programs, and career development resources designed to help each individual reach their personal and professional goals.

 

 

The Role

 

The Analyst, IT Security is responsible for the security and protection of the organization’s internal and external application footprint. S/he will be responsible for the security needs of the organization’s software development lifecycles and provide guidance on infrastructure review, design analysis, static scan analysis, dynamic scan analysis, and managing all other application security aspects of the project engagement lifecycle.

 

This is a hands-on technical position in which you will collaborate with multiple groups across the organization, including project, business, architecture, and operational teams, to enable business goals by melding security into the solution. Experience as a developer is a must. Strong communication skills that enable you to explain security to audiences at a wide variety of technical levels are also wanted in this position.

 

 

Responsibilities

 

Technical 

  • Collaborates with key business areas to enable business goals by combining security into the solutions
  • Communicates effectively with internal stakeholders and management to explain security to a wide variety of technical levels
  • Perform complex application security assessments of web and mobile applications utilizing a variety of static and dynamic methods, processes, and tools
  • Researches, designs, and advocates new technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners, and vendors
  • Recommend and implement changes to enhance systems security and prevent unauthorized access
  • Research security trends, new methods, and techniques used in unauthorized access of data to preemptively eliminate the possibility of system breach
  • Review and ensure the implementation of adequate application authentication, authorization, and access control and encryption practices
  • Perform static application security testing to determine if there are violations of the application security standards
  • Collaborate with development teams to prioritize and remediate vulnerabilities throughout the software development lifecycle 
  • Identify vulnerabilities in web and mobile applications and provide supporting documentation which includes testing methodology and findings
  • Proactively work with team members to address security and compliance issues in a timely manner

 

  • Familiarity with DevOps principles and practices
  • Ability to write code in Python, Java, .NET, or similar language


 

Execution 

  • Partners with internal stakeholders to ensure that systems are designed, developed and implemented from a security point of view
  • Provide expertise and support for web and mobile application security trends
  • Maintain and provide awareness of complex evolving web and mobile application security threats and compensating controls
  • Serves as a lead technical resource and shares knowledge with junior and/or peer team members on security and on designing and building secure web and mobile applications
     

Education

  • Undergraduate degree or 1-4 years of comparable work experience
  • ISC2 CISSP and/or CSSLP
  • GIAC GWAPT, GIAC GSSP-Java, GIAC GSSP-NET
     

Experience

  • 4+ years of experience in Information Technology that directly aligns with the specific responsibilities for this position
  • Extensive experience in addressing web application security issues, such as those outlined in OWASP Top 10 
  • Knowledge of application security throughout the software development lifecycle 
  • Experience with dynamic security analysis tools such as IBM AppScan, HP Security Center, HP WebInspect, PortSwigger Burp Suite, Fiddler, and OWASP ZAP
  • Familiarity with Web Application Firewalls (WAF), such as Apache ModSecurity, Imperva, and other compensating controls to protect web applications
  • Working knowledge and understanding of regulatory compliance concerns, data protection and industry standard security and risk frameworks


 

 


This position may be subject to Lincoln’s Political Contribution Policy. An offer of employment may be contingent upon disclosing to Lincoln the details of certain political contributions. Lincoln may decline to extend an offer or terminate employment for this role if it determines political contributions made could have an adverse impact on Lincoln’s current or future business interests, misrepresentations were made, or for failure to fully disclose applicable political contributions and/or fundraising activities.
 

 

 

