Senior Application Security Developer (Python)
At Pearson, we're committed to a world that's always learning and to our talented team who makes it all possible. From bringing lectures vividly to life to turning textbooks into laptop lessons, we are always re-examining the way people learn best, whether it's one child in our own backyard or an education community across the globe. We are bold thinkers and standout innovators who motivate each other to explore new frontiers in an environment that supports and inspires us to always be better. By pushing the boundaries of technology - and each other to surpass these boundaries - we create seeds of learning that become the catalyst for the world's innovations, personal and global, large and small.
ESSENTIAL DUTIES AND RESPONSIBILITIES
The ideal candidate will have a strong development background with prominent web development languages and frameworks, with the ability to understand the code and provide security remediation advice.
Provide expert-level guidance to security analysts, testers, and development teams during application security assessments. Must be able to identify, re-create, and remediate security defects.
Design, develop, and implement automation features into our existing security pipeline. Experience with Django / Python required. Experience with Go a plus.
Working knowledge of automated application security-related tools such as AppSpider, Checkmarx, Qualys, and Nessus.
Working knowledge of manual assessment tools such as HTTP proxies (BurpSuite Pro, OWASP ZAP), automation scripts, shell scripting with curl, fuzzers, and other commercial and open source tools.
Experience using and testing REST and/or SOAP APIs.
In-depth knowledge of common web application security flaws and secure coding practices, and the ability to clearly explain security issues to project and development staff.
Familiar with OWASP Application Security Verification Standard (ASVS) and how it applies to application development teams.
Ability to prioritize and track security issues and work with the necessary teams to ensure remediation.
Serve as a leader by promoting security awareness, mentoring other team members, and staying up-to-date on current development methodologies (Agile/DevOps) and information security trends.
Understanding of HTTP, REST, SOAP, XML and JSON as they relate to APIs and AJAX.
Familiar with AWS/Rackspace/vSphere APIs and the cloud SDKs.
Experience with OpenStack, Kubernetes, and Docker a plus, but not required.
Performs other duties as assigned.
KNOWLEDGE, SKILLS, AND ABILITIES
- Understanding of modern application development and operational philosophies.
- Able to convey risk to all levels of the business, from C-level executives to operations and development teams.
- Experience working in a multi-platform, multi-protocol, distributed enterprise computing environment.
- A deep understanding of web applications and architectures, relational and non-relational databases, and hardware architectures, and the ability to effectively apply the principles of information security to IT environments.
- Understanding of governance frameworks such as ITIL and ISO 27001.
- Project management: Able to assess needs, define objectives, identify resources needed to achieve objectives and begin implementation towards goal completion.
- Must be able to work effectively alone and as part of a larger project team.
CERTIFICATES, LICENSES, REGISTRATIONS
- None required
- Prefer CISSP
- Prefer SANS (Web App Attack / Defense courses)
- Prefer Offensive Security Certified Professional
EDUCATION and/or EXPERIENCE
- BS preferred but not required
- 5 years application security experience
- 5 years development experience