- As part of the Application Security team, you’ll be working to reduce risk across Southern California Edison. We partner with engineering and product teams during each point of the software development lifecycle (SDLC) and help drive broader security initiatives across Southern California Edison.
- Application Security Engineers provide security impact by developing secure-by-default libraries and frameworks that teams across Southern California Edison can frictionlessly integrate into their products. They also offer their expertise on security matters through cross-team consultations that cover design and threat modeling, as well as through documentation and educational initiatives.
- Knowledge of application security, system security, secure system design/SecSDLC, secure coding best practices, common attack patterns and exploitation techniques.
- Strong presentation, facilitation, and written/verbal communication skills
- Application security background with a focus on providing practical technical guidance to engineering teams
- Solid understanding of web applications architecture and common vulnerabilities
What you will be doing:
- Act as a subject matter expert on application security domains involving web, mobile, and desktop platforms and work with development teams to champion secure coding practices
- Lead the design of cyber security standards and controls, define secure development practices, identify threats and risks, and lead a "secure by design" culture
- Help establish a Secure Software Development LifeCycle to incorporate design and code reviews of our product.
- Identify gaps in apps and services lacking proper secure code guidelines, then build out and execute on a project roadmap to ensure 100% coverage across all assets.
- Threat model current and new applications and features, along with existing and new third-party integrations, to identify and quantify threats and recommend remediation methods.
- Collaborate closely with engineering and security teams on security focused SDLC process gates and implementation of security best practices.
- Analyze and review API access and develop rules to monitor and identify potential abuse
- Drive adoption of Policy as Code, adherence to software security metrics, lead vulnerability management efforts
- Define secure coding practices and guidance, conduct security reviews, and drive down security-related technical debt
What projects we are working on:
- Identifying gaps in secure coding practices process and procedures while building out roadmap and strategy to mature the program.
- Working to integrate security best practices directly into development pipelines.
- Evaluating DAST/SAST and software composition analysis tools to procure and implement into the pipelines
Hybrid: 1 day a week in office
- Salary: $150000 - $165000
- Citizenship: Not Provided
- Incentives: Bonus
- Education: Bachelors Degree
- Travel: Not Provided
- Telework: Hybrid Telecommute