
This job post is expired and is no longer taking new applicants.


Application Security Engineer (Open to Remote)


Company: Bertelsmann

Location: United States only

Base Salary: 110k-135k USD

Job Description

Penguin Random House is seeking an Application Security Engineer to join the IT Security team. This position will be responsible for advancing Secure Software Development Life Cycle (SDLC) practices and incorporating application security services and technologies to achieve a security-first design in all of Penguin Random House’s applications. In addition, the individual will be expected to contribute to and help deliver services and projects across various aspects of information security.

The individual will collaborate with developers and business stakeholders from relevant technical teams to evaluate the security architecture of new products and features through application security assessments. They will prioritize and provide guidance on mitigating identified weaknesses and vulnerabilities while working with development teams to define and promote security best practices.

The ideal candidate will have experience in at least one of the following areas: securing workflows in AWS and Azure, proficiency in SecDevOps and automation, familiarity with secure coding practices, or a background in application development with a desire to move into application security. In this role, you will establish cross-functional relationships with team members while being a trusted resource for Development. You will also maintain a hands-on role in implementing solutions and crafting specifications for those teams.

Major Functions:

  • Develop and refine our core infrastructure architecture to minimize the vulnerability of essential services and reduce the impact of potential security exploits
  • Strategize and implement application security architectures that are in line with the company’s business objectives, ensuring adherence to privacy standards and compliance requirements
  • Utilize scripting languages (Python, Ruby, Bash, etc.) to build automation tools as needed
  • Create and deliver presentations and documentation to educate developers and operations teams on application security best practices and secure coding techniques
  • Identify and assess threats, vulnerabilities, and potential exploits through architecture design reviews, threat modeling, code reviews, and SCA/SAST/DAST assessments, and collaborate with developers/engineers to remediate issues
  • Formulate and establish application security policies, standards, and guidelines to support the secure development of products and services
  • Collaborate with the DevOps team to enhance application security, integrating security tools into the CI/CD pipeline, including container security, SCA/SAST, DAST, IAST, and third-party vulnerability scanning
  • Partner with security stakeholders across the organization to assist delivery teams in conceptualizing and implementing security-focused projects and initiatives

Required Knowledge and Skills:

  • Proficient in effective communication, interpersonal relations, and organizational management
  • Experience with application security tools such as SCA, SAST, DAST, penetration testing, and fuzzing
  • Comprehensive knowledge of prevalent software and web application security vulnerabilities, including OWASP Top 10 and SANS/CWE Top 25
  • Expertise in conducting security assessments for web and mobile applications based on OWASP ASVS/M-ASVS and other testing guidelines
  • DevOps experience with building and deploying applications/infrastructure with the following technologies: GitLab/GitHub, Ansible, Jenkins, etc.
  • Advanced understanding and experience with web architectures, web applications, APIs, mobile applications, desktop applications, unified communications (including VoIP and SMS), and the underlying technology of cloud infrastructure
  • Experience securing DevOps, including continuous integration, configuration management, and continuous deployment
  • Demonstrated ability in leading code reviews, executing threat modeling, and conducting penetration tests

Education and Experience Requirements:

  • Bachelor's degree in computer science or a related field, supplemented by a minimum of five years of professional experience encompassing a robust technical understanding and practical involvement in secure software development, security engineering, DevOps, application penetration testing, and/or negative QA testing
  • Industry-recognized certification in security is a plus (e.g., CISSP, CISA, CISM, CRISC, CEH, etc.)

To learn more about our IT Department and their initiatives, visit our Tech Talent site.

For any questions you may have, please refer to our FAQ page here.

The salary for this position is $110,000-$135,000. All positions are currently eligible for annual profit award or bonus, subject to Company results.

Penguin Random House job postings include a good faith compensation range for each open position. The salary range listed is specific to each particular open position and takes into account various factors including the specifics of the individual role and the candidate's relevant experience and qualifications.

Full-time employees are eligible for our comprehensive benefits program. Our range of benefits includes, but is not limited to, Medical/Prescription drug insurance, Dental, Vision, Health Care/Dependent Care Flexible Spending Account, Health Savings Account, Pre-Tax and Roth 401(k), Short and Long-Term Disability Insurance, Life/AD&D Insurance, Commuter Benefits, Student Loan Repayment Program, Educational Assistance & generous paid time off.

Penguin Random House is the leading adult and children's publishing house in North America, the United Kingdom and many other regions around the world. In publishing the best books in every genre and subject for all ages, we are committed to quality, excellence in execution, and innovation throughout the entire publishing process: editorial, design, marketing, publicity, sales, production, and distribution. Our vibrant and diverse international community of nearly 300 publishing brands and imprints includes Ballantine Bantam Dell, Berkley, Clarkson Potter, Crown, DK, Doubleday, Dutton, Grosset & Dunlap, Little Golden Books, Knopf, Modern Library, Pantheon, Penguin Books, Penguin Press, Penguin Random House Audio, Penguin Young Readers, Portfolio, Puffin, Putnam, Random House, Random House Children's Books, Riverhead, Ten Speed Press, Viking, and Vintage, among others. More information can be found at http://www.penguinrandomhouse.com/.

Penguin Random House values the array of talents and perspectives that a diverse workforce brings. All qualified applicants will receive consideration for employment without regard to race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, or protected veteran status.

Company: Penguin Random House LLC

Country: United States of America

State/Region: New York

City: New York

Postal Code: 10019

Job ID: 268523

Advice from our career coach

Penguin Random House is on the hunt for an Application Security Engineer to bolster their IT Security team. The right candidate will be tasked with fortifying application security practices, collaborating with developers, and diving into secure software development. If you're well-versed in AWS and Azure security, love a good challenge, and dream of a career in application security, this role might just be your cup of tea. Plus, with a salary range of $110,000-$135,000, comprehensive benefits, and a chance to work with one of the top publishing houses in the world, what's not to love?


About the job

Feb 25, 2024

Full-time
