Remote

Product Security Engineer

Allstate Insurance
United States, Illinois
Jul 02, 2024

At Allstate, great things happen when our people work together to protect families and their belongings from life's uncertainties. And for more than 90 years our innovative drive has kept us a step ahead of our customers' evolving needs. From advocating for seat belts, air bags and graduated driving laws, to being an industry leader in pricing sophistication, telematics, and, more recently, device and identity protection.

Job Description

Product Security is tasked to develop a security framework within the Allstate SDLCs, establish a software security assurance process, and work with product delivery teams to build applications securely from start to finish.

The Product Security Engineer will be responsible for integrating security into the development of Allstate's applications. Product Security Engineers work closely with the product and software development teams to threat model and vulnerability scan the early software, system, and network architecture and identify required control points in the application stack.

As a Product Security Engineer, you will also collaborate closely with developers to diagnose, document, and remediate application security vulnerabilities. You will hold responsibilities for evaluating, recommending, and implementing application security related software in an automated continuous integration/deployment environment.

Key Responsibilities

  • Work closely with application development and platform teams to help formulate and implement a strategy for software security that is tailored to the specific risks facing the organization, including threat modeling and applications security advisement services.

  • Develop and maintain a balanced application security program based on a well-defined application security framework.

  • Conduct application security assessments and implement tools for dynamic/automated code reviews.

  • Ensure application design and implementation best-practice with role-based and appropriate access standards, as well as integration with Identity and Access Management environments.

  • Ensure compliance with society, regulatory, and industry standards for application security.

  • Continuously evaluate the organization's existing application security practices, define and measure security-related activities, and demonstrate concrete improvements to the application assurance program within the organization.

  • Provide secure application development training to developers and provide guidance on the development of web-based training for ongoing awareness.

  • Conduct code reviews.

  • Develop and maintain unit and integration tests designed to ensure security controls are tested on every build.

Job Qualifications

  • 5+ years' experience in a software or application development field such as Software Developer, Architect, Software Quality Assurance, or Application Security Engineer.

  • Be highly proficient in at least one of the following development languages: C#, C++, Java, .NET, Node.js, or Python.

  • Possess a strong understanding of application architectural patterns, such as MVC, Microservices, Event-driven, etc.

  • Hold knowledge of the OWASP Top 10.

  • Possess solid understanding and experience with establishing software development policies across an organization.

  • Be creative, organized, responsive, and a thorough problem solver.

  • Possess a strong business acumen with an ability to work.

  • Possess a restlessness or desire to break into things.

  • Be a strong self-starter who can operate independently.

  • Have excellent oral/written presentation skills with the ability to communicate effectively with senior executive leadership.

  • Hold proficiency in preparation of presentations, analytical reports, and documents regarding program operational status, achievement, and performance.

Desirable Criteria

  • Understanding of Agile/XP/Scrum/Kanban.

  • Understanding of Test-Driven Development built on User Stories.

  • Understanding of Continuous Integration/Testing/Delivery/CI/CD.

  • Familiarity with cloud architecture and services, such as AWS.

  • Familiarity with Metasploit, Burp Suite, Fuzzing, and Jenkins is preferred.

  • Familiarity with code reviews and penetration testing preferred.

  • Bachelor's degree or relevant post-secondary education.

  • OSCP, OSCE, OSWE, CEH, or GWAPT Certifications are a major plus.

Skills

Application Development, Application Security, OWASP Top 10, Problem Solving, Product Security, Software Development Life Cycle (SDLC)

Compensation

Compensation offered for this role is $95,700 - 170,925 annually and is based on experience and qualifications.

The candidate(s) offered this position will be required to submit to a background investigation, which includes a drug screen.

Joining our team isn't just a job - it's an opportunity. One that takes your skills and pushes them to the next level. One that encourages you to challenge the status quo. And one where you can impact the future for the greater good.

You'll do all this in a flexible environment that embraces connection and belonging. And with the recognition of several inclusivity and diversity awards, we've proven that Allstate empowers everyone to lead, drive change and give back where they work and live.

Good Hands. Greater Together.

Allstate generally does not sponsor individuals for employment-based visas for this position.

Effective July 1, 2014, under Indiana House Enrolled Act (HEA) 1242, it is against public policy of the State of Indiana and a discriminatory practice for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component.

For jobs in San Francisco, please click "here" for information regarding the San Francisco Fair Chance Ordinance.
For jobs in Los Angeles, please click "here" for information regarding the Los Angeles Fair Chance Initiative for Hiring Ordinance.

To view the "EEO is the Law" poster click "here". This poster provides information concerning the laws and procedures for filing complaints of violations of the laws with the Office of Federal Contract Compliance Programs.

To view the FMLA poster, click "here". This poster summarizes the major provisions of the Family and Medical Leave Act (FMLA) and tells employees how to file a complaint.

It is the Company's policy to employ the best qualified individuals available for all jobs. Therefore, any discriminatory action taken on account of an employee's ancestry, age, color, disability, genetic information, gender, gender identity, gender expression, sexual and reproductive health decision, marital status, medical condition, military or veteran status, national origin, race (including traits historically associated with race, including, but not limited to, hair texture and protective hairstyles), religion (including religious dress), sex, or sexual orientation that adversely affects an employee's terms or conditions of employment is prohibited. This policy applies to all aspects of the employment relationship, including, but not limited to, hiring, training, salary administration, promotion, job assignment, benefits, discipline, and separation of employment.
