Wyndham Hotels & Resorts is looking for a Sr. Engineer, Application Security to join the Wyndham Information Security team and help deliver our application security program. This is an exciting opportunity to be in a key role that helps deliver the design, build, and run of the application security technologies and capabilities to secure Wyndham’s web and mobile applications.
As a member of the Cybersecurity Team, this role is a key participant in executing the application security program’s architecture and framework, and provides crucial guidance to development teams. This role will work directly with various business applications teams in the design, delivery, and security of our web and mobile products. This position will interact with various levels of technical and business personnel to provide security analysis and recommendations while remaining sensitive to business requirements across our applications.
The position will support various internal initiatives related to application development and secure coding practices, application vulnerability detection and remediation, and the overall SDLC lifecycle. This position will also keep up to date on emerging application security techniques, technologies, and architectures, as well as industry-related threats.
This role will be expected to perform several tasks in the pursuit of timely and secure code deployments. These include manual web testing, code audits and design reviews, finding and resolving security vulnerabilities on a variety of platforms, and completing manual, focused web application vulnerability assessments.
To help improve our security posture, this role will also be asked to help consult on the design of secure web application architecture and secure design principles, advocate security and secure coding practices, perform secure code trainings with groups of developers, analyze, assess and respond to various security threats, and seek out opportunities to automate processes wherever relevant.
This role will also help manage the day-to-day operations of our security technologies, including web application firewalls, bot management defenses, and code scanning solutions. This includes keeping tools, detections, and protection methods up to date and relevant against the current attack methods.
Open to remote work options, with monthly/quarterly in-person team meetings in the Parsippany Office.
What You Will Do
- Provide guidance on tools and methods to protect the Wyndham websites against manual and automated attacks.
- Provide support on larger cybersecurity and business-based projects & initiatives.
- Work effectively with business technology, audit, and fraud teams to solve business problems with technical solutions.
- Represent application security & cybersecurity in meetings and project discussions.
- Devise methods to automate testing activities and streamline testing processes.
- Provide oral briefings to leadership and technical staff, as necessary.
- Improve and document operational and troubleshooting procedures.
You'll be successful if you have
- Application security reviews for our services and applications.
- Penetration testing for critical services and applications.
- Security code reviews for critical changes during the development phase.
- Security training and outreach to internal development teams.
- Security best practices documentation.
- Perform detailed application security reviews to examine legacy and new applications, provide technical risk assessments, security gap assessments, and approve new releases.
- Provide support and guidance when necessary for the resolution of identified vulnerabilities/issues in collaboration with business application development teams.
- Operate and enhance application security related technologies, including web application firewalls, bot management defenses, and code security solutions.
- 3+ years of related offense/defense application security experience, specifically related to application security and development.
- Knowledge of software development/deployment methodologies in web & mobile based environments.
- Advanced knowledge and proven expertise in securing AWS cloud infrastructure environments, including APIs and serverless applications.
- Knowledge of application and API security vulnerabilities (including and beyond OWASP Top Ten) and remediation techniques without impacting performance.
- Experience with source code reviews, ethical hacking and penetration testing methods, tools and techniques, including SAST, DAST, IAST, SCA, and IaC solutions.
- Experience with Web Application Firewalls and Automated Bot Management solutions.
- Solid understanding of agile, DevSecOps pipelines, and CI/CD integration.
- Experience implementing and administering complex technical security solutions.
- Knowledge of threat intelligence sources and the part they play in application security.
- Salary: $100000 - $140000
- Citizenship: US Citizen
- Incentives: Not Provided
- Education: Not Provided
- Travel: No Travel
- Telework: Hybrid Telecommute