Job Description

The Lead Application Security Engineer, is a member of the Cyber Security team and is responsible for providing oversight, direction, and advice to cyber security engineers, reviewing security designs, implementing technical security controls, and designing security solutions. They will help implement the information security design, enforce compliance with security policies and controls and function as technical security experts on various projects.

The Lead Application Security Engineer will:

Work closely with product and platform teams to implement security controls. Plan, implement, upgrade and monitor security measures related to application security. Provide subject matter expertise on, and conduct in-depth security reviews of software applications

Assess and understand Pearson VUE current security posture and future architecture, providing a viable solution path to bridge the gap. Provide security subject matter expertise on application security and help project teams comply with enterprise and IT security policies, industry regulations, and best practices.

Work closely with functional-area architects, engineering, and security specialists throughout Pearson VUE to ensure adequate security solutions and controls are in place throughout all VUE systems, cloud systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements.

Design security configuration standards, procedures, and guidelines for platforms such as baseline security configurations and hardening guides. Communicate security risks and solutions to business partners and IT staff. Coach developers on application security

Recognize, adopt, and instill industry leading practices in security engineering throughout the organization

Correctly balance security risk and product advancement, secure DevOps/Secure SDLC

Identify and execute opportunities to automate internal, cloud and platform security controls. Identify and propose process improvements and identify opportunities for new processes and procedures to reduce risk.

Incident Response, Support security incident response as required.

Research, designs, and advocates new technologies and security products that will support security requirements for the enterprise and its customers, business partners, and vendors.

Contributes to the development and maintenance of the information security strategy.

Evaluates and develops secure solutions, based on approved security architectures.

Security Tooling, Administer, configure, and support security tools. Assist with adoption of new/existing security tools as needed. Create/support integrations of security tools into central analytics system

Embrace a culture of continuous service improvement and service excellence.

Stay up to date on security industry trends.

Essential Skills:

Minimum of 10 years industry experience

Bachelor\'s degree in computer science, MIS, or equivalent technology discipline

Minimum 5+ years software development required (Java, .NET)

Working knowledge of application development tools, techniques, and platform technologies

Familiar with OWASP Secure Coding Practices

Familiar with Continuous Integration/Continuous Deployment (CI/CD) processes and concepts

Familiar with REST API technology and methods

Ability to develop scripts in Python (or comparable language)

Experience in OOAD, agile processes, design patterns

Some experience with relational database platforms such as MSSQL, MySQL, NoSQL databases.

Some proven ability in security process and organizational design.

Current understanding of Industry trends and emerging threats.

Knowledge of incident response methodologies and technologies.

Experience with the following tools (Required):

Java or .NET

Web Services (SOAP/REST)

SQL

Angular

Requirements & analysis experience

OOAD design

Agile development

Design patterns

OWASP Top 10

Static code security testing (SAST) tool experience

Dynamic Application Security Tool (DAST or IAST) experience

Desirable Skills:

Experience working in agile environment highly preferred

Well-rounded background in application security.

Experience implementing security controls in a global enterprise IT environment.

Experience driving a culture of security awareness.

Professional IT Accreditations (CISSP, CISM, CCSA, CCSE, JNCIA, CCNA, CCIE Security).

Experience in creating design documents, performing code reviews

Desire to expand knowledge in many development languages, applications, and tools

Proven ability to quickly learn new processes and tools, business domains and technical applications

Ability to think technically and analytically

Ability to understand philosophy of architecture

Ability to assimilate information, distill knowledge, apply experience, and provide solution alternatives and recommendations

Must have strong time management skills - including ability to work well under pressure, plan, set priorities, adapt to change, and meet established timelines

Must be a self-starter and detail-oriented

Must have a \xe2\x80\x9cpositive\xe2\x80\x9d and energetic demeanor

Effective written and verbal communication skills

Creative problem-solving skills

Experience with the following tools (Preferred):

Splunk

New Relic

Cloud security

Compensation at Pearson is influenced by a wide array of factors including but not limited to skill set, level of experience, and specific location. As required by the Colorado, California, Washington State, New York State and New York City laws, the pay range for this position is as follows:

The minimum full-time salary range is between $125,000 - $145,000.

This position is eligible to participate in an annual incentive program, and information on benefits offered is here.

#LI-Remote

What to expect from Pearson

Did you know Pearson is one of the 10 most innovative education companies of 2022?

At Pearson, we add life to a lifetime of learning so everyone can realize the life they imagine. We do this by creating vibrant and enriching learning experiences designed for real-life impact. We are on a journey to be 100 percent digital to meet the changing needs of the global population by developing a new strategy with ambitious targets. To deliver on our strategic vision, we have five business divisions that are the foundation for the long-term growth of the company: Assessment & Qualifications, Virtual Learning, English Language Learning, Workforce Skills and Higher Education. Alongside these, we have our corporate divisions: Digital & Technology, Finance, Global Corporate Marketing & Communications, Human Resources, Legal, Strategy and Direct to Consumer. Learn more at We are Pearson.

We value the power of an inclusive culture and also a strong sense of belonging. We promote a culture where differences are embraced, opportunities are accessible, consideration and respect are the norm and all individuals are supported in reaching their full potential. Through our talent, we believe that diversity, equity and inclusion make us a more innovative and vibrant place to work. People are at the center, and we are committed to building a workplace where talent can learn, grow and thrive.

Pearson is an Affirmative Action and Equal Opportunity Employer and a member of E-Verify. We want a team that represents a variety of backgrounds, perspectives and skills. The more inclusive we are, the better our work will be. All employment decisions are based on qualifications, merit and business need. All qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, sexual orientation, gender identity, gender expression, age, national origin, protected veteran status, disability status or any other group protected by law. We strive for a workforce that reflects the diversity of our communities.

To learn more about Pearson\'s commitment to a diverse and inclusive workforce, navigate to: Diversity, Equity & Inclusion at Pearson.

If you are an individual with a disability and are unable or limited in your ability to use or access our career site as a result of your disability, you may request reasonable accommodations by emailing ppsmhr@pearson.com.

Note that the information you provide will stay confidential and will be stored securely. It will not be seen by those involved in making decisions as part of the recruitment process.

Job: TECHNOLOGY

Organization: Assessment & Qualifications

Schedule: FULL_TIME

Req ID: 10955

#LI-REMOTE

Pearson