Security Engineer - Information Security II
Insight Global
**Job Description:**
- Conducts security risk assessments of applications with respect to design and implementation of system and application code.
- Develop and manage security governance processes and procedures for the threat modeling program and application security design & devsecops programs.
- Assist in the development of threat modeling governance documentation.
- Works with information security leadership to develop strategies and plans to enforce threat modeling and address identified control gaps.
- Develops reports for management concerning residual risk and non-compliance.
- Monitor and track compliance with application owners to ensure implementation of security controls as planned.
- Review issued security controls with application owners to ensure identified requirements are implemented.
- Validate implementation of security controls against outputs of scanning tools to enable auditability and verifiability.
- Assist application owners in filing appropriate security standard exceptions as identified through threat modeling.
- Develop, maintain, update and enhance secure design patterns and secure coding standards.
- Develop, maintain, update and enhance threat libraries.
- Socialize secure design patterns and secure coding standards with engineering teams.
- Assist application teams with threat modeling consultancy questions.
- Consistently enable strong developer and customer experience when liaising with application teams. Uphold Blue Box values when liaising with application teams.
- Develop innovative attack techniques to foil protective design and in-place mitigations.
- Participate in the development of strategies for information security processes and programs.
- Support the investment decision process by developing business cases and cost-benefit analysis.
- Create reports and other materials to assist in prioritizing activities related to various threats to applications.
- Recommend resource types and skillsets required to resolve project and process issues.
- Document current and desired future state capabilities, incorporating industry-leading technologies that enhance AXP's ability to manage IT risk and protect data.
- Provide ongoing awareness and education of industry efforts and statistics relevant to information security.
- Develop and define IT and information security standardized metrics and criteria.
- Facilitates improvement solutions by working with all levels across Technology to determine security technology solutions that align with business strategies, IT strategic directions and compliance obligations.
- Facilitates Agile events that help the team deliver value incrementally and iteratively.
- Supports the Program Increment (PI) execution through facilitating team level events and partners with the RTE.
- Supports the team in achieving the PI objectives.
- Provides consultation and advice to assess information security risks and mitigate controls to protect corporate intellectual capital, and other sensitive data.
We are a company committed to creating inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity employer that believes everyone matters. Qualified candidates will receive consideration for employment opportunities without regard to race, religion, sex, age, marital status, national origin, sexual orientation, citizenship status, disability, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com. The EEOC "Know Your Rights" Poster is available here.
To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/ .