Description

Job Title
Senior Application Security Engineer

Job Description

About Your Role:

Dotdash Meredith is looking for a Senior Application Security Engineer with a demonstrated track record of innovative thinking, technical expertise, and mentorship. This role will be tasked with supporting product managers, software development teams, vulnerability management and remediation, and improving security coverage throughout the SDLC. As a highly visible professional within the Security team, you will be responsible for helping to set technical direction, managing technical projects, and collaborating with other groups within the organization.

About Your Contributions:

Product Management
- Be a key advisor and advocate to the overall strategy and roadmap of the Product Security Program.
- Provide technical leadership and guidance to the development teams to assist in the creation and design of software development features.
- Track and provide reporting to leadership on current program/project status.

Solutions
- Research, design and implement application security solutions to address application security threats and meet compliance obligations.
- Manage and support the integration of application security tools into the SDLC process.
- Work with development teams to improve the security of CI/CD processes by ensuring version control for source code, scanning code for vulnerabilities in the build pipeline, and ensuring public/private repositories are trusted and secure.
- Design and develop coding standards across infrastructure, application, and data security, building out guidelines and standards to drive a standardized set of security requirements that align with internal policies and meet external compliance/regulatory requirements.

Vulnerability Assessment
- Manage and support application security tool deployments including static analysis, dynamic testing and software composition analysis tools.
- Assess the application threat landscape through threat modeling and architecture reviews.
- Conduct security source code reviews.
- Prioritize, triage and assist developers on the remediation of application security vulnerabilities.
- Develop metrics and reporting on the posture of the application security program.

About You:

Technical Skills
- 4+ years of experience in Application Security.
- Full stack development experience, preferably in Java, JavaScript and/or Python.

Application Development and Security
- Knowledge of the current Application and Product Security threat landscape and industry best practices and how to implement them at a business-wide level.
- Knowledge of SANS/CWE Top 25, OWASP Top 10 Application Security principles.
- Deep understanding of developing security policies, standards and procedures and experience with implementing them across the organization.
- Experience with data encryption, cryptography and encryption key management.
- Experience with web and mobile application security tooling and processes, including threat modeling, security design/code review, static code analysis, penetration testing, risk management, etc.
- Understanding of vulnerability disclosure processes and experience working with vendors to integrate security solutions into the SDLC process.
- Ability to innovate and find creative solutions that balance the needs of the business with the needs of security.

Infrastructure
- Solid understanding of OSI model, TCP/IP, HTTP and TLS.
- Knowledge of C.I.A. (confidentiality, integrity, availability) security principles and D.I.E. (distributed, immutable and ephemeral) security model.
- Strong knowledge of cloud computing infrastructure and security best practices, including familiarity with cloud native applications and architecture.
- Experience with configuration management and DevOps practices to ensure that security is integrated into the SDLC process.

Interpersonal Skills
- Passion for application security and continuous learning.
- Able to concisely communicate security risks to both technical and business audiences.
- Attention to detail.
- Ability to work independently, and as part of a team.
- Ability to multitask and prioritize work effectively.

It is the policy of Dotdash Meredith to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, the Company will provide reasonable accommodations for qualified individuals with disabilities. Accommodation requests can be made by emailing ddm.hr@dotdashmdp.com.

The Company participates in the federal E-Verify program to confirm the identity and employment authorization of all newly hired employees. For further information about the E-Verify program, please see: https://www.e-verify.gov/employees

Pay Range
Salary: $75,000 - $90,000

The pay range above represents the anticipated low and high end of the pay range for this position and may change in the future. Actual pay may vary and may be above or below the range based on various factors including but not limited to work location, experience, and performance. The range listed is just one component of Dotdash Meredith’s total compensation package for employees. Other compensation may include annual bonuses, and short- and long-term incentives.

In addition, Dotdash Meredith provides to employees (and their eligible family members) a variety of benefits, including medical, dental, vision, prescription drug coverage, unlimited paid time off (PTO), adoption or surrogate assistance, donation matching, tuition reimbursement, basic life insurance, basic accidental death & dismemberment, supplemental life insurance, supplemental accident insurance, commuter benefits, short term and long term disability, health savings and flexible spending accounts, family care benefits, a generous 401K savings plan with a company match program, 10-12 paid holidays annually, and generous paid parental leave (birthing and non-birthing parents), all of which may vary depending on the specific nature of your employment with Dotdash Meredith and your work location. We also offer voluntary benefits such as pet insurance, accident, critical and hospital indemnity health insurance coverage, life and disability insurance.

Dotdash Meredith is America’s largest digital and print publisher. Our 40+ iconic and fast-growing brands harness the best intent-driven content, the fastest sites, and the fewest ads to help nearly 200 million people every month, including 95 percent of US women, make decisions, take action, and find inspiration. Dotdash Meredith brands include PEOPLE, Better Homes & Gardens, Verywell, FOOD & WINE, The Spruce, Allrecipes, Byrdie, REAL SIMPLE, Investopedia, Southern Living and more.