BUILD YOUR FUTURE, WHILE PROTECTING THEIRS.
You will be challenged. Rewarded. And valued for your unique experience, background and perspective.
Join a team where hard work pays off and original thinking is celebrated. As you build your future at Westfield, you will quickly learn that protecting our customer’s future is at the heart of what we do. We deliver on our promise to help restore lives and rebuild businesses when the unexpected happens. Building relationships has been a part of our culture since 1848. Be a part of a team that recognizes and appreciates those who take initiative, seek opportunity and strive for innovation in a changing world.
Application & API Security Engineer Job Summary
Salary Range: $107,116.00-$123,184.00-$139,251.00
The Application & Application Programming Interface (API) Security Engineer supports efforts to minimize security risk by managing, monitoring, testing, and reporting on applications and APIs, along with advising the internal technical community as a Subject Matter Expert. Works with Agile and Development/Operations (Dev/Ops) teams, reviewing project documentation, researching, and referencing Information Security policy, delivering recommendations and guidance, in the pursuit of securing systems, processes, and software applications. The Application & API Security Engineer will work with application development personnel and other technical team members to review existing and/or new APIs/web services in support of quality implementations that align with Information Security policies, procedures, and generally-accepted best practices. Role responsibilities/duties include participation in the creation and maintenance of API security specifications, administering API security testing tools, performing API code reviews, attesting compliance with the security requirements, and advising development teams on API-related technical issues and questions.
Essential Functions (primary functions and/or reasons the job exists in order of importance)
1. Supports efforts to minimize security risk by managing, monitoring, testing, and reporting on applications and Application Programming Interfaces.
2. Works with Agile and Dev/Ops teams, reviewing project documentation, researching, and referencing Information Security policy, delivering recommendations and guidance in the pursuit of securing systems, processes, and software applications.
3. Identifies risks and areas of exposure in applications developed by/for Westfield.
4. Performs code security reviews statically and dynamically.
5. Coordinates with and oversees contract resources performing these same functions at project level.
6. Assists in the development of application security components throughout all stages of the Software Development Life Cycle (SDLC).
7. Performs manual and automated security testing of Westfield applications and APIs.
8. Understands and ensures application logs and audit trails are in place and providing value.
9. Educates developers on secure coding techniques and security best practices.
10. Participates in incident handling and performs application-related forensics activities.
11. Defines and documents application security requirements for Westfield applications.
12. Monitors industry trends and threat landscape and recommends necessary controls and/or countermeasures.
13. Travels occasionally in order to perform special assignments, training, and/or travel between office locations.
Desired Qualifications/Experience/Certification/Education (in order of importance)
1. 3+ years of experience in information security.
2. 3+ years of experience with penetration testing/tools and vulnerability scans.
3. Knowledge of and/or experience with OWASP (Open Web Application Security Project) framework.
4. Experience with processes, tools, techniques, and practices for software engineering with an emphasis on security.
5. Experience with and a strong understanding of secure software authorization methods and communications transports (OAuth, SSL/TLS).
6. Experience with and a strong understanding of API creation, management, hardening, and defense. Experience with REST and SOAP development.
7. Experience with scripting languages, data manipulation, and tools (e.g., UNIX shell, PowerShell, Python, Perl, or Excel macros).
8. Familiarity with Open Web Application Security Project (OWASP), National Institute of Standards and Technology (NIST) Special Publications, and the Open Source Security Testing Methodology Manual (OSSTMM).
9. CSSLP, CISSP, CCSP, CPSSE, GXPN, GWAPT, and/or similar certifications a plus.
10. Bachelor's degree in Computer Science, Engineering, Information Systems, Information Security, or a related discipline or equivalent work experience.
11. Valid driver’s license and a driving record that conforms to company standards.
Physical Requirements (specific to the role)
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.
• Ability to work effectively in an office environment for 40+ hours per week (including sitting, standing, and working on a computer for extended periods of time).
• Ability to communicate effectively in a collaborative work environment utilizing various technologies such as: telephone, computer, web, voice, teleconferencing, e-mail, etc.
• Ability to travel as required.
This job description describes the general nature and level of work performed in this role. It is not intended to be an exhaustive list of all duties, skills, responsibilities, knowledge, etc. These may be subject to change and additional functions may be assigned as needed by management.
Westfield offers a Total Rewards program that focuses on compensation, benefits and wellness, and includes perks like 401(k), pension plan, annual incentive, education reimbursement, flex-time, onsite fitness center and casual dress. Work-life balance, recognition, and learning and career development are all part of a rewarding career with Westfield.
To learn more about Westfield and the opportunities available, please visit us at westfieldinsurance.com.
We are an equal opportunity employer/minority/female/disability/protected veteran.