Senior Application Security Engineer

iHeartMedia

Job Summary:
You will serve as a technical subject matter expert with a secure developer attitude. Designs, defines, and implements security requirements, controls, and processes to enable the secure development and function of applications. Performs threat modeling and technical design reviews of sensitive features, highlight risk, and help the development and engineering teams, and improve the overall security of our products. Develops security tools and automation. You will also be partnering with application service teams to implement application security standards, patterns, and guidelines. Educates developers in application security best practices. Creates, enhances, and maintains application security documentation and provides guidance to developers. Evaluates and recommends new and emerging security products and technologies.

*This role can also be remote/virtual.

Technical Skills

• Developer focus and mid-level knowledge of tools such as Terraform, Kubernetes and Jenkins
• Current experience in security testing, assessment, and methodologies (including browser-based, API, CI/CD pipeline, and Mobile)
• Strong working knowledge of at least two programming or scripting languages, preferably Java. Having C++, C#, or Python, and mastery of object-oriented design and programming helpful.
• Current experience in threat modeling, and technical design reviews.
• Current experience using in at least 1 AppSec (SAST, DAST, IAST) tool sets.
• Strong scripting skills in at least one language, preferably Python.
• Understanding of Agile & Scrum methodologies.
• Familiarity with Jira and Confluence.
• Strong knowledge of CI/CD processes
• Familiarity with repository management, such as Github, TFS, AWS or Azure.
• Familiarity with manual and automated vulnerability management and resolution across multiple teams.
• Familiarity with securing cloud-based resources, including containers and other basic services, in AWS.
• Knowledge of configuration and information management analysis, such as XML, JSON, etc.
• Excellent verbal and written communication skills, including technical writing of assessment reports, presentations, and operating procedures.
• Shows an aptitude for leadership both through practice maturation and by mentoring team members.
• Strong understanding of security principles, policies, and industry best practices.
• Familiarity of various compliance frameworks (PCI DSS, NIST, etc.).
• Familiarity with Open Web Application Security Project (OWASP), Software Assurance Maturity Model (SAMM), Application Security Verification Standard (ASVS), National Institute of Standards and Technology (NIST) Special Publications.

Responsibilities

• Work independently and collaboratively with various teams.
• Implement, onboard, and enforce Application Security tools (SAST, SCA, IaC, DAST and IAST), including cloud-based CI/CD Pipelines.
• Coordinate software security initiatives with various teams.
• Conduct and build data flow diagrams & threat modeling with application teams.
• Manual and tool-based vulnerability management of priority issues.
• Assist in developing Source Code Review and application security checklists.
• Advise developers on how to implement security into DevSecOps CI/CD pipelines

Job Experience

• Minimum of 3 years' experience in Application Security
• Minimum of 5 years in Software Development
• Minimum of 3 years' experience supporting security in CI/CD pipelines

Desired Technical Certifications

• Security, Kubernetes, Docker, AWS, or equivalent

Desired Education

• Bachelor's Degree or 7 years developer experience with 3 years of application security or equivalent required

Location
San Antonio, TX: 20880 Stone Oak Parkway, 78258

Position Type
Regular

Benefits:

iHeartMedia's benefits offering is flexible and offers a variety of choices to meet the diverse needs of our changing workforce, including the following:

• Employer sponsored medical, dental and vision with a variety of coverage options
• Company provided and supplemental life insurance
• Paid vacation and sick time
• Paid company holidays, including a floating holiday that enable our employees to celebrate the holiday of their choosing
• A Spirit day to encourage and allow our employees to more easily volunteer in their community
• A 401K plan
• Employee Assistance Program (EAP) at no cost - services include telephonic counseling sessions, consultation on legal and financial matters, emotional well-being, family and caregiving
• A range of additional voluntary programs, such as spending accounts, student loan refinancing, accident insurance and more!

The Company is an equal opportunity employer and will not tolerate discrimination in employment on the basis of race, color, age, sex, sexual orientation, gender identity or expression, religion, disability, ethnicity, national origin, marital status, protected veteran status, genetic information, or any other legally protected classification or status.

Some positions in certain divisions of the iHeartMedia family of companies are subject to mandatory vaccination requirements as a condition of employment. Candidates who have been offered employment for these positions at iHeartMedia, subject to applicable law, will be required to demonstrate they have been fully vaccinated for COVID-19 or qualify for a medical or religious accommodation from the vaccination requirement by their start date (which may be extended for such purposes). If the aforementioned requirements are not met, candidates who have accepted offers for such positions will have their offers rescinded and/or employment terminated in accordance with applicable law.

Our organization participates in E-Verify. Click here to learn about E-Verify.

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

Click Here to learn about the San Francisco Fair Chance Ordinance .

Current employees and contingent workers click here to apply and search by the Job Posting Title.