AddressJob Details
Description
Location Requirements: This role is Hybrid to one of our offices: Austin, Naperville or Wayne. Remote candidates will be considered.
Senior Application Security Engineer 2
Frontline Education is the leading provider of school administration software, empowering strategic K-12 leaders with the right tools, data and insights to proactively manage human capital, business operations and special education. Educational organizations representing over 80,000 schools and millions of educators, administrators and support personnel have partnered with Frontline Education in their efforts to develop the next generation of learners. Frontline is dedicated to driving engagement across K-12 school systems and supporting the continuous improvement of employee effectiveness and efficiency with solutions for proactive recruiting and hiring, absence and time, professional growth, student information systems, special education and interventions, payroll, benefits and financial management.
We are seeking Senior Application Security Engineer 2 for an exciting opportunity to be part of a security team, in a growing company and evolving industry. This role will report to the CISO and engage other stakeholders across the organization to drive change and promote security. This role is remote.
Our mission is broad, and our team is small, collaborative, and agile. We will look toward your unique skills to approach and solve problems in your own way. Whether engineering a system to address a technical security hurdle, protecting our customers' data, or consulting on a wide range of security topics, you are empowered to engage and lead cross-functionally. In the role of Senior Application Security Engineer, you will lead our efforts of identifying and addressing cloud and web Application Security weaknesses.
Responsibilities:
- Support the CISO in the promotion, maintenance, and monitoring of a culture of security across the organization, and implementation of KPIs and metrics to measure and enhance the security of applications and environments
- Engineer, implement, and monitor security measures for the protection of the Frontline suite of applications
- Work across Product, Development, Infrastructure, Corporate IT, and Cloud Operations teams to enhance and evangelize security on web and mobile applications by defining secure development standards and Application Security best practices
- Research emerging technologies and maintain awareness of current security risks in support of security enhancement and development efforts
- Develop and report metrics measuring the state of Application Security program
- Provide remediation guidance needed to address emerging threats and open vulnerabilities
- Participate in the Security Incident Response Team efforts to respond to information system security incidents, including investigation of, countermeasures to, and recovery from computer-based attacks, unauthorized access, and policy breaches
- Conduct regular manual and automated security assessments of a suite of applications, including vulnerability assessments and penetration tests, while prioritizing remediation efforts
- Deploy and manage security technologies such as WAF, SAST/DAST/IAST, RASP, Burp Suite, Penetration Testing tools, and other security and threat detection technologies
- Conduct and monitor Independent Validation and Verification testing for software applications and systems
- Support technical audit activities to maintain compliance with internal and regulatory requirements, such as ISO27001, PCI, SOC, etc.
- Develop, implement and monitor technical and non-technical policies, procedures, processes, and workflows
- Champion and lead Continuous Integrations, Testing, Delivery, and Securing SDLC pipelines
- Engage with the Security Team and other departments to respond to, investigate, contain and remediate incidents as necessary
- Influence the team's culture and performance through leading by example and through active coaching and mentoring of junior members of the team
- Help set a positive tone, and offer guidance and support individual growth, to enhance the team’s cohesion and to help drive overall success.
- Handle on-call duties as needed
Qualifications
- Bachelor’s degree or equivalent work experience in Computer Science or similar discipline
- 8+ years of experience in software/Application Security required
- Security certification such as CCISP, OSCP, GWEB, GPEN, GWAPT, CEH, or equivalent required
- Knowledge of the threats to modern web applications including the ability to assess the security of web applications, identifying vulnerabilities, and reporting those issues to developers in a clear and concise manner
- Strong familiarity of OWASP Top 10 and methods and techniques to mitigate them
- Strong familiarity with AWS services relevant to security, including, but not limited to, IAM policy, Cloudtrail, Config, GuardDuty, Macie, KMS, etc.
- Experience with secure code review in languages such as Javascript, Python, C/C++, Java, etc., and ability to develop with common scripting languages such as Python, BASH, etc.
- Experience with attacks on cryptography, and threat modeling
- Knowledge of a broad range of security controls and risk management frameworks such as NIST, MITRE ATT&CK Framework, ISO 2700x, PCI-DSS, SOC2, etc.
- Knowledge of regulatory and standards, including, but not limited to FERPA, HIPAA, SOX, GLBA, and PCI
- Experience securing large AWS deployments with an awareness of the threats and risks to modern cloud environments including and security best practices on how to address those risks in the AWS cloud
- Understanding of Continuous Integrations, Testing, Delivery, and Securing SDLC pipelines
- Experience with centralized log management tools
We're a group of unique and talented individuals that love what we do. We've been lucky enough to land jobs with a rapidly growing tech company that supports an appreciative and friendly customer base. We work hard to make our customers happy, but we like to have a good time in the process.
We are a company that strives to think in terms of “we” instead of “me.” We believe in the philosophy of servant leadership and that it’s all about putting others first. We also value the balance between family and work.
Our company growth has created a promising environment for career advancement and rewarding challenges. We offer a competitive compensation package including a base salary, target bonus plan and stellar benefits including unlimited PTO.
Frontline Education Vision:
A connected future for school administration that enables every leader, teacher, and student to thrive.
Frontline Education Mission:
Partnering with the education community by providing innovative technology and best practices to empower K-12 schools in their pursuit of excellence.
Frontline Education is an equal opportunity/affirmative action employer and all qualified applicates will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability status, protected veteran status or any other characteristic protected by law.
