Senior Application Security Engineer
US - Remote, United States
Full Time Senior-level / Expert USD 118K - 188K
PRA Group
We invite you to explore a future with us at PRA Group, a diverse and growing company that has a tangible impact on the global economy.
Position Summary:
PRA Group is hiring a Senior Application Security Engineer to join the Information Security team. This new role joins the newly created Application Security department, providing an exciting opportunity for an experienced application security professional to make an impact and lead application security initiatives across the enterprise. Reporting to the Associate VP of Application Security, this role requires frequent collaboration with development and project management teams to ensure secure coding and architectural principles are integrated across the SDLC. The person in this role will also provide vulnerability remediation guidance, develop and nurture a partnership model between the Information Security team and Software Development teams, and participate in AppSec activities such as tuning existing toolsets, creating and maintaining a bug bounty program, and managing inventory of software assets.
Experience:
- We are seeking individuals with at least 3 to 5 years of experience as an Application Security Practitioner as well as 3-5 years of previous experience in software engineering in large-scale production environments
- CISSP certification or one that is in progress is preferred
- Experience with enterprise backend systems written in languages such as .NET/C#, Ruby on Rails, or Java; prefer C#.
- Experience with git version control
- Understanding of the software development peer review, testing, deployment and maintenance phases
- Also experience with front end languages and frameworks such as Vue.JS, Blazor, and vanilla JS
- Experience working within frameworks and guidelines such as ISO 27001 and the OWASP Top 10
- Experience integrating 3rd-party and/or custom security testing solutions into CI/CD pipelines
- Experience with tuning and managing security testing tools such as DAST/SAST and SCA
- Bachelor’s Degree in Computer Science, Information Security, OR related professional experience
Preferred Experience:
- Proven track record of contributing to the security or software development field, including teaching, speaking, mentoring, volunteering or publishing works
- Any experience or interest in Cloud Security, IAC, container security, or AI security
- A passion for cross-departmental education and communication
- Interest in how security can inform business processes, whether by driving revenue or cutting costs
Key Responsibilities:
- Collaborate with software engineering to implement Application Security architecture as designed by the senior leadership of InfoSec and software engineering
- Act as security advisor to SWE, which includes triaging security vulnerabilities, illustrating common exploits, assessing reachability from an attacker’s perspective, and assisting with remediation of agreed upon priorities
- Provide software quality assurance by completing secure code reviews
- Build relationships with software engineers to illustrate the ‘how’ and ‘why’ behind vulnerability remediation strategies
- Work with security architects and software engineers to review and design security requirements for new software features and the maintenance of current software
- Participate in security and technology strategic planning to ensure identified risk governance is incorporated into enterprise strategy
- Oversee the management and operations of Static Application Security Testing (SAST), Software Composition Analysis (SCA), Dynamic Application Security Testing (DAST)
- Work with Risk & Compliance teams on ISO 27000, SOC2, PCI-DSS, SOX, and other audits as needed.
- Integrate 3rd-party testing solutions into CI/CD pipelines and development cycles
- Define security guardrails through automated tool policies, SLAs, custom rules, and support of the developer community
- Support education strategies for software developers through regular lunch and learns, e-learning platforms, and written educational resources
- Integrate security tooling into developer toolsets such as IDE plugins
- Expertise in API security governance & knowledge of how to build secure APIs
- Manage potential tools to cover API security such as gateways and automated API security testing to enforce secure development
- Experience with threat modeling, which includes creating DFDs to analyze security weak points throughout the application’s environment
- Create and maintain a bug bounty program
- Excellent communication skills: verbal, written, and presentational
- Ability to present to various levels of stakeholders on metrics created within security analysis tools to guide AppSec program strategy
- Ability to document and track work based on initiatives set by senior leadership
At PRA Group, we're committed to helping our employees reach their highest potential by offering competitive salaries, proprietary training programs, tuition reimbursement programs, comprehensive healthcare, health, dental and vision benefits, maternal and paternal leave, holiday pay and PTO, an employee assistance program, and valuable opportunities to establish a long career within our organization.
Salary Range:
$118,000.00 - $188,000.00
PRA Group has an effective process for assessing market data and establishing ranges to ensure we remain competitive. Actual compensation is influenced by a wide array of factors including but not limited to skill set, level of experience, specific working location and market position. This posted salary range is a good faith and reasonable estimate, and PRA Group reserves the right to adjust this range depending on the qualifications and location of the selected candidate. In addition to base salary, PRA may offer additional benefits to include performance-based bonus programs and/or equity programs depending on the position. PRA offers paid time off, medical, dental, vision, 401k match, life insurance, and other benefits to assist with the physical and mental wellbeing of our employees.
All qualified applicants will receive consideration for employment regardless of age, race, color, sex, gender, religion, national origin, physical or mental disability, citizenship, or any other classes recognized by state or local law or any other characteristic protected under applicable federal, state or local law. We are a drug free workplace.
Tags: APIs Application security Audits C CI/CD CISSP Cloud Compliance Computer Science DAST Exploits Governance ISO 27000 ISO 27001 Java OWASP Ruby SAST SDLC Security analysis SLAs SOC 2 SOX Strategy Teaching Vulnerabilities
Perks/benefits: 401(k) matching Career development Competitive pay Equity / stock options Health care Insurance Medical leave Salary bonus