Engineer IV, Product Security - REQ001705_13-3175

at The College Board in Springfield, Illinois, United States

Job Description

Engineer IV, Product Security

College Board - Technology

Remote

About the Team

The College Board's Product Security team is an agile organization, embracing DevSecOps and cloud-native systems, and focused on improving speed and security of service delivery in support of an important mission. To enable this mission, the College Board is seeking an Engineer IV - Product Security to help drive the development of innovative and transformative security solutions in our DevSecOps and cloud transformation initiatives. The Engineer IV - Product Security is a highly technical and creative contributor to a bleeding-edge cloud and application security team enabling the agile development of secure and reliable cloud-based solutions via strong partnerships and interactions with our Product Teams.

About the Opportunity

As a Product Security Engineer, you will support and manage a variety of projects in the Product Security team. In this role, you will both learn and introduce new security services, technologies, and technical solutions to secure our Products and platforms.

You will interact with different stakeholders, product development leads, architects, Cybersecurity operations, Risk and Compliance teams and external partners/vendors such as ETS and various SaaS providers. You will review and adopt new innovative security solutions, make updates to existing solutions, negotiate alternative options and participate in building technical and release roadmaps.

As an Engineer IV, you will lead and mentor junior team members, supporting their growth and development in Product Security concepts, tools and best practices.

In this role you will:
  • Partner Program - Partnership Development (50%)
    • Act as a liaison between Product Security teams (both in IT and outside of IT) and the Information Security Office via regular engagements with assigned Partner teams. Embed into planning and grooming sessions.
    • Develop a deep understanding of our Security Policies and Audit requirements in order to support assigned Partner teams, GRC Exceptions and Audit efforts (PCI, SOC2, ISO27001, GDPR, State Contract requirements).
    • Create Risk Registers for your assigned products and communicate application risks and vulnerabilities to technical stakeholders.
    • Lead application vulnerability reviews and remediation efforts. Develop deep skill sets in understanding, managing and determining exploitability of vulnerabilities to properly determine risk and priority.
    • Work to gain a deep understanding of your assigned products' architectures, Supply Chain (Vendors, Partners, Third Party), Development Practices, CI/CD, GRC Exceptions, and Release cadence in order to understand and support mitigation of security risks.
    • Partner with Senior Team members to mentor developers through discussions, presentations, or hands-on training sessions to demonstrate best practices in developing secure code and securing application infrastructure.
    • Ensure all assigned products and applications adhere to the Product Security Framework requirements and work to remediate any gaps.
  • Elevate Product Security (25%)
    • Work to promote, grow and enhance the Product Security Partners program to develop Security Champions and enable dev teams to shift left.
    • Develop and deliver guidance and training sessions to grow Product Teams' Secure Development LifeCycle skills and awareness.
    • Grow skills to perform secure reviews of application architectures and security patterns as needed.
    • Grow skills to develop threat models and risk assessments in conjunction with architects and software engineering staff to identify application security weaknesses and provide coaching on remediation strategies.
    • Develop and deliver Secure Developer Training, Workshops, and training opportunities to cultivate a culture of Product Security.
  • Operations (25%)
    • Support implementing and operationalizing security tooling and common integrated development environments (AWS).
    • Develop, understand, and provide input into metrics and KPIs for assigned partner teams.
    • Participate in planning and grooming as part of agile ceremonies and manage assigned Epics.
    • Develop hands-on expertise with CI/CD and build pipelines with an understanding of quality and security gates; participate in integration of automated solutions to increase security in CI/CD.
    • Work with broader ISO team on incident response and operational/strategic initiatives.
    • Evaluate and promote new and existing security standards, tools, and solutions with a focus on automation and securing build pipelines for a shift left approach.

About You

You have:
  • 3-5 years of progressively responsible, directly related experience
  • Hands-on knowledge of secure development practices, Secure Development LifeCycle and DevSecOps
  • Understanding of key programming/scripting languages and secure best practices (Java, node.js, Python, React, JavaScript, etc.).
  • Experience with key Development tools/systems (Artifact Management, Version Control, Work Tracking, Secrets Management, NPM, Build and Deployment Tools, etc.)
  • Knowledge of common vulnerabilities (OWASP/SANS) such as cross-site scripting (XSS), session hijacking, SQL injection, CSRF (Cross-Site Request Forgery), OWASP Top 10, and other attack vectors.
  • Familiar with common frameworks, spanning frontend and backend (Angular, Bootstrap, Node, Struts, Spring, ASP.NET MVC, etc.) and with AWS Services and with AWS cloud architecture security.
  • Experience with RESTful web services and APIs
  • Ability to travel when required.
  • You are authorized to work in the US

About Our Process
  • Application review will begin immediately and will continue until the position is filled
  • While the hiring process may vary, it generally includes: resume and application submission, recruiter phone screen, hiring manager interview, performance exercise such as live coding, a panel interview, a conversation with leadership and reference checks

About Our Benefits and Compensation

College Board offers a competitive benefits and compensation program that attracts top talent looking to make a difference in education. As a self-sustaining non-profit, we believe in compensating employees equitably in relation to each other, their qualifications, their impact, and the relevant market.

The hiring range for a new employee in this position is $132,000 to $143,000. College Board differentiates salaries by location so where you live will narrow the portion of this range in which you can expect a salary.

Your salary will be carefully determined based on your location, relevant experience, the external labor market, and the pay of College Board employees in similar roles. College Board strives to provide our best offer up front based on these criteria.

Your salary is only one part of all that College Board offers, including but not limited to:
  • A comprehensive package designed to support the well-being of employees and their families and promote education. Our robust benefits package includes health, dental, and vision insurance, generous paid time off, paid parental leave, fertility benefits, pet insurance, tuition assistance, retirement benefits, and more
  • Recognition of exceptional performance through annual bonuses, salary growth over time through market increases, and opportunities for merit raises and promotions based on increased scope of responsibility
  • A job that matters, a team that cares, and a place to learn, innovate and thrive

You can expect to have transparent conversations about benefits and compensation with our recruiters throughout your application process.


Job Posting: 12064217

Posted On: Jul 20, 2024

Updated On: Jul 20, 2024
