Senior Application Security Engineer

About the Role
The Sr. Application Security Engineer will be responsible for partnering with engineering and operations teams to support the organization's long-term security strategy. They will apply hands-on technical skills, critical thinking, and strong leadership abilities to design and implement effective security solutions to reduce risk in the Mastery environment.
The Sr. Application Security Engineer must be comfortable communicating with team members and cross-functional partners, working with multiple security technologies, prioritizing security risks, and driving technology and process implementations/improvements to secure systems, data, and the Mastery user community.
This role requires a strong background in security as it relates to platform infrastructure, application security, endpoints, and other aspects of network/cloud infrastructure security.
Responsibilities:

• Design, implement, and operate a highly automated and scalable vulnerability management program leveraging multiple technologies.
• Provide technical guidance on vulnerability remediation and secure configuration in alignment with security best practices, policies/standards, and compliance requirements.
• Monitor threat and vulnerability data sources for emergent risks.
• Work with vendors to design and configure security tools and diagnose and troubleshoot problems.
• Identify opportunities to improve processes and technologies to reduce risk and be a change agent to address these gaps.
• Work directly with the compliance team to implement policies and controls that align with industry standard frameworks.
• Create standards, requirements, design documents, run books, processes, and procedures.
• Plan and execute sprint-based initiatives to achieve annual roadmap goals.
• Produce key metrics for the vulnerability management program.
• Perform consistently at or above outlined expectations and deliver on-time, quality work.
• Mentor junior staff members.
• Foster a culture of security by developing and facilitating security awareness training.
• Communicate complex security and technical topics in easy-to-understand language to a variety of audiences.
• Build consensus for delivering results while finding common ground for collaboration and partnership within security team and cross-functionally.
• Perform additional projects as assigned by leadership.

Qualifications:
Education/Certifications

• Bachelor's degree in Cybersecurity, Information Systems, Computer Science, or Information Technology preferred

• CISA, CISM, CISSP, or GIAC certifications a plus

Professional Experience

• 5+ years Information Security, IT Audit, or related field
• Prior experience in one or more technical discipline (vulnerability management, application security, cloud, infrastructure, networking)

Preferred Knowledge/Skills

• Microsoft Azure cloud computing experience
• Azure Kubernetes experience
• GitHub administration (CI/CD pipeline security, repo management, actions/workflows, branch protection rules, Dependabot, Renovate, etc.)
• Experience with security scanning tools (Microsoft Defender, Trivy, SonarQube, Invicti, ManageEngine Endpoint Central, etc.)
• Understanding of basic networking, hosting, containerization technologies, and API security
• Programming/scripting languages (Python, Powershell, etc.)
• Demonstrated experience in PowerBI, Jira, Confluence
• Understanding of IT audit and compliance standards such as SOC 1, SOC 2, SOx, ISO 27001, etc.