Engineer, Application Security- (Open to remote)

Penguin Random House is seeking an Application Security Engineer to join the IT Security team.  This position will be responsible for advancing Secure Software Development Life Cycle (SDLC) practices and incorporating Application Security services and technologies to achieve a security-first design in all of Penguin Random House’s applications.  In addition, the individual will be expected to contribute to and help deliver services and projects across various aspects of information security.   

The individual will collaborate with developers and business stakeholders from relevant technical teams to evaluate the security architecture of new products and features through application security assessments.  They will prioritize and provide guidance on mitigating identified weaknesses and vulnerabilities while working with development teams to define and promote security best practices. 

The ideal candidate will have experience in at least one of the following areas: securing workflows in AWS and Azure, proficiency in SecDevOps and automation, familiarity with secure coding practices, or a background in application development with a desire to move into application security. In this role, you will establish cross-functional relationships with team members while being a trusted resource for Development. You will also maintain a hands-on role in implementing solutions and crafting specifications for those teams.   

Specific responsibilities include:

• Develop and refine our core infrastructure architecture to minimize the vulnerability of essential services and reduce the impact of potential security exploits. 

• Strategize and implement application security architectures that are in line with the company’s business objectives, ensuring adherence to privacy standards and compliance requirements. 

• Utilize scripting languages (Python, Ruby, Bash, etc.) to build automation tools as needed. 

• Create and deliver presentations and documentation to educate developers and operations teams on application security best practices and secure coding techniques.  

• Identify and assess threats, vulnerabilities and potential exploits through architecture design reviews, threat modeling, code reviews, SCA/SAST/DAST assessments and collaborate with developers/engineers to remediate issues. 

• Formulate and establish application security policies, standards and guidelines to support the secure development of products and services. 

• Collaborate with the DevOps team to enhance Application Security, integrating security tools into the CI/CD pipeline, including container security, SCA/SAST, DAST, IAST, and third-party vulnerability Scanning. 

• Partner with security stakeholders across the organization to assist delivery teams in conceptualizing and implementing security-focused projects and initiatives. 

Preferred qualifications include: 

• Bachelor's degree in computer science or a related field, supplemented by a minimum of five years of professional experience encompassing a robust technical understanding and practical involvement in secure software development, security engineering, DevOps, application penetration testing, and/or negative QA testing. 
•  Proficient in effective communication, interpersonal relations, and organizational management. 

• Experience with application security tools such as SCA, SAST, DAST, Penetration testing, and Fuzzing. 

• Comprehensive knowledge of prevalent software and web application security vulnerabilities, including OWASP Top 10 and SANS/CWE Top 25. 

•  Expertise in conducting security assessments for web and mobile applications based on OWASP ASVS/M-ASVS and other testing guidelines. 

• DevOps experience with building and deploying applications/infrastructure with the following technologies:  GitLab/GitHub, Ansible, Jenkins, etc. Advanced understanding and experience with web architectures, web applications, APIs, mobile applications, desktop applications, Unified Communications (including VoIP and SMS), and the underlying technology of cloud infrastructure. 

• Experience securing DevOps, including continuous integration, configuration management, and continuous deployment. 

•  Demonstrated ability in leading code reviews, executing threat modeling, and conducting penetration tests. 

• Industry-recognized certification in security is a plus (e.g., CISSP, CISA, CISM, CRISC, CEH, etc.) 

 This position is open to remote candidates.     

The salary range for this position is $100,000 - $135,000. All positions are currently eligible for annual profit award or bonus, subject to Company results.   

Please apply by April 4th using our online application process, and please include your resume, cover letter, and salary requirements.  

Penguin Random House job postings include a good faith compensation range for each open position. The salary range listed is specific to each particular open position and takes into account various factors including the specifics of the individual role, and candidate's relevant experience and qualifications.

Full-time employees are eligible for our comprehensive benefits program. Our range of benefits include, but are not limited to, Medical/Prescription drug insurance, Dental, Vision, Health Care/Dependent Care Flexible Spending Account, Health Savings Account, Pre-Tax and Roth 401(k), Short and Long-Term Disability Insurance, Life/AD&D Insurance, Commuter Benefits, Student Loan Repayment Program, Educational Assistance & generous paid time off.

Penguin Random House is the leading adult and children's publishing house in North America, the United Kingdom and many other regions around the world. In publishing the best books in every genre and subject for all ages, we are committed to quality, excellence in execution, and innovation throughout the entire publishing process: editorial, design, marketing, publicity, sales, production, and distribution. Our vibrant and diverse international community of nearly 300 publishing brands and imprints include Ballantine Bantam Dell, Berkley, Clarkson Potter, Crown, DK, Doubleday, Dutton, Grosset & Dunlap, Little Golden Books, Knopf, Modern Library, Pantheon, Penguin Books, Penguin Press, Penguin Random House Audio, Penguin Young Readers, Portfolio, Puffin, Putnam, Random House, Random House Children's Books, Riverhead, Ten Speed Press, Viking, and Vintage, among others. More information can be found at http://www.penguinrandomhouse.com/.

Penguin Random House values the array of talents and perspectives that a diverse workforce brings. All qualified applicants will receive consideration for employment without regard to race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, or protected veteran status.

Company: Penguin Random House LLC 

Country: United States of America 

State/Region: New York 

City: New York, NY 

Postal Code: 10019 

Job ID: 278742