Information Security Engineer
G-P
Job highlights
Summary
Join G-P's diverse, remote-first team as an Information Security Engineer and help drive the implementation of the company's application security program. You will collaborate with various teams to build security into the product lifecycle, from design to deployment. Daily tasks may include security reviews, secure SDLC education, threat modeling, risk remediation, and managing application security tools. You'll secure sensitive data, ensuring compliance with regulations and customer requirements. This role requires strong application security experience, coding skills, and excellent communication abilities. G-P offers competitive compensation and benefits, along with opportunities for skill expansion.
Requirements
- Bachelor's degree in Cyber Security, Management Information Systems, Computer Science, Information Science or equivalent work experience
- 5+ years of related work experience in the Application Security field
- Strong understanding of Cloud Security in AWS, specifically IAM Roles Policies, Security Groups and Encryption methodologies
- Strong communication and relationship-building skills with a high degree of comfort speaking with developers, IT executives, and business partners
- Proficiency in coding/scripting languages (e.g., Python, Go, etc.)
- Strong experience performing security-focused application design reviews, threat modeling, manual code reviews, container security, and ethical hacking
- Strong experience implementing and working with SAST/DAST/SCA security tools
- Deep knowledge of security vulnerabilities, being able to identify issues, assess risk, and provide remediation guidance
- Deep knowledge of authentication and authorization options and standards
- Strong experience using common security testing tools and techniques to perform security assessments with significant expertise in either web or mobile penetration testing
- Strong experience working with developers and knowledgeable about modern web, mobile, and API development practices
- Ability to read and write code in at least one programming language
- Knowledge of CI/CD practices and experience incorporating security requirements into an SDLC
Responsibilities
- Evangelize application security fundamentals and act as a consultative partner to development teams
- Implement and leverage SAST/DAST/SCA security tools like Veracode and Snyk. Make recommendations on application security tools
- Guide and perform security activities including threat modeling and vulnerability analysis, code review, and security testing, ensuring teams are validating for OWASP Top 10 and CWE/SANS Top 25
- Triage application risks daily as identified by AppSec scanning tools to eliminate false positives and provide a well-vetted set of vulnerabilities to engineering
- Collaborate with engineering to drive the timely remediation of vetted risk and to implement creative solutions that increase operational effectiveness
- Generate, collect, and report on AppSec metrics on a regular basis
- Make recommendations on development processes and provide production application security support as needed
- Create and maintain technical documentation for the AppSec program
- Contribute to the development and delivery of security awareness and secure development training programs
- Develop scripts and tools to automate repetitive security tasks, such as log analysis, patch management, and incident detection
- Build custom solutions to integrate security tools with existing systems using languages like Python, JavaScript, or Go
Benefits
Competitive compensation and benefits