Information Security Engineer (AppSec)
Deseret Mutual Benefit Administrators
- Salt Lake City, UT
- Permanent
- Full-time
- Help define and implement a comprehensive application security program to protect the confidentiality, integrity, and availability of company assets
- Establish reusable policy and procedures
- Serve as an authority on application security with development and operations teams
- Evaluate company attack surface to detect misconfigurations, vulnerabilities, or weaknesses requiring mitigation
- Partner with development teams to perform various code, credential, and SCA scans
- Design, implement, and automate reasonable controls in cloud CI/CD environments
- Support the creation and implementation of a red team function and partner with security operations to test detection capabilities and weaknesses
- Help define the scope for annual and periodic penetration assessments
- Actively participate in architectural discussions with other engineers and support staff on various information security topics such as ZTNA, observability, API security, and emergent technologies (AI/ML, etc.)
- Participate in the incident response process to support the identification, eradication, and recovery of systems.
- Create architecture and application documentation
- Help define procedures to formalize and mature application security
- Support various security projects and participate in solution selection and enhancements
- Be an active participant in building the information security program by evaluating and suggesting new solutions and ideas and championing the information security program
- 4-year Bachelor's degree or equivalent experience
- 4-7 years of IT and information security experience
- 2-3 years of development experience
- Strong understanding of information security best practices and security frameworks (NIST CSF, ISO 27001, ISO 27005, CIS Controls, HITRUST, etc.) as they pertain to application security
- Working knowledge of the OWASP top 10
- Deep knowledge of databases, common operating systems (Windows/Linux), networking, application, and cloud environments
- CASE, CEH, AWS, or equivalent information security training and expertise
- Experience with HIPAA, DOL information security best practices, international, federal, and state privacy laws
- Experience with C#, .NET, and JavaScript
- Developing, hardening, and securing APIs
- Ability to work with various IT and Business teams to address sensitive topics and risk
- Strong management and business communication skills
- Deep technical understanding and ability to apply it to complex technical and business solutions
- Expertise in project management and prioritization
- Highly motivated team player with a desire to improve the information security program
- Work in a hybrid remote work and office work environment
- Competitive pay
- Rich medical, vision and dental benefits with low premiums (we are the #1 health plan in Utah!)
- Rich retirement planning, including 401(k) company match, 8% Retirement Plus Plan (we just give you free money for retirement), life insurance, and full-service Financial Planners onsite at no cost
- Generous paid leave plan that starts accruing your first day, your birthday off, additional sick leave and 11 paid holidays
- World-class wellness program with health coaching, ability to earn 3 additional days off a year, fun activities and an onsite gym.
- Tuition reimbursement
- Career development through company-sponsored programs and over 5000 on-demand online training courses.