Massachusetts Jobs

Alternate Locations: Work from Home

Work Arrangement:

Hybrid/Flexible : Work at home and use the office as appropriate for in-person collaboration.

Relocation assistance: is not available for this opportunity.

Requisition #: 68431

The Role at a Glance

We’re excited to add an Application Security Engineer positions to our Application Security team!

_Background Details: _

This person will be responsible for working with application development and infrastructure teams to ensure applications are designed, coded, and implemented in a secure manner that meets the requirements of LFG Security policies and standards. The analyst will drive the improvement of policies, standards, and other supporting documentation. This is a hands-on technical position that you will find yourself collaborating with multiple groups across the organization. Strong communication skills are needed to explain complex security to a wide variety of technical levels. Experience as a developer is helpful, but not required.

What you'll be doing

• Responsible for the security of LFG applications and services

• Perform complex security assessments of web and mobile applications

• Perform infrastructure and application design reviews

• Perform static and dynamic analysis tasks

• Review and ensure the implementation of adequate application authentication, authorization, and access control and encryption practices

• Manually assess applications for vulnerabilities created by incorrect business logic implementations and other potential vulnerabilities that are not typically identified with the use of automated tools

• Evaluate, recommend, and implement application security related software in an automated continuous integration/deployment environment.

• Identify, communicate, and drive the resolution of vulnerabilities

• Serve as a subject matter expert for application development and infrastructure teams

• Communicate effectively with a wide variety of technical levels

• Research and advocate for new security solutions and technologies

• Stay current on security trends, vulnerabilities, and testing methods

• Contribute to related policies, standards, and supporting documentation

What we're looking for

Must-haves:

• 3-5 years of experience in Information Technology that directly aligns with the specific responsibilities for this position

• Extensive experience in web application security

• Strong knowledge of application security throughout the SDLC

• Experience with agile delivery practices

• Familiarity with enterprise network infrastructure

• Familiarity with common DMZ architectures

• Experience integrating security into DevOps practices.

• Experience using static application security testing tools such as Fortify, Checkmarx, Veracode, etc.

• Experience dynamic analysis with tools such as AppScan, Webinspect, BurpSuite, and OWASP ZAP, etc.

Nice-to-haves:

• 1-3+ years of Penetration Testing experience (Preferred)

• Experience conducting source code review preferred

• OSCP, OSWE, ISC2 CISSP, CSSLP, GIAC GWAPT, GIAC GSSP-Java, GIAC GSSP-NET (Preferred)Familiarity with container security scanning platforms like Twistcli

• Agile Mindset; awareness/understanding of Agile methodologies

Level: P3

Pay Range: $75,701 $140,700

Actual base pay could vary based on non-discriminatory factors including but not limited to work experience, education, location, licensure requirements, proficiency and qualifications required for the role. The base pay is just one component of Lincoln’s total rewards package for employees. In addition, the role may be eligible for the Annual Incentive Program, which is discretionary and based on the performance of the company, business unit and individual. Other rewards may include long-term incentives, sales incentives and Lincoln’s standard benefits package.

Additional Information

This position may be subject to Lincoln’s Political Contribution Policy. An offer of employment may be contingent upon disclosing to Lincoln the details of certain political contributions. Lincoln may decline to extend an offer or terminate employment for this role if it determines political contributions made could have an adverse impact on Lincoln’s current or future business interests, misrepresentations were made, or for failure to fully disclose applicable political contributions and or fundraising activities. Any unsolicited resumes/candidate profiles submitted through our web site or to personal e-mail accounts of employees of Lincoln Financial Group are considered property of Lincoln Financial Group and are not subject to payment of agency fees.

Lincoln Financial Group ("LFG") is an Equal Opportunity employer and, as such, is committed in policy and practice to recruit, hire, compensate, train and promote, in all job classifications, without regard to race, color, religion, sex (including pregnancy), age, national origin, disability, sexual orientation, gender identity and expression, Veteran status, or genetic information. Opportunities throughout LFG are available to employees and applicants and are evaluated on the basis of job qualifications. We have a drug free work environment and we perform pre-employment substance abuse testing.

Benefits at a Glance (https://hrdirectdocs.lfg.com/misc/HR/Recruiting/BenefitsResourcesGuide.pdf)

This Employer Participates in E-Verify. See the E-Verify (https://www.e-verify.gov/) notices.

Este Empleador Participa en E-Verify. Ver el E-Verify (https://www.e-verify.gov/es) avisos.

Lincoln Financial Group ("LFG") is an Equal Opportunity employer and, as such, is committed in policy and practice to recruit, hire, compensate, train and promote, in all job classifications, without regard to race, color, religion, sex (including pregnancy), age, national origin, disability, sexual orientation, gender identity and expression, veterans status, or genetic information. Opportunities throughout LFG are available to employees and applicants and are evaluated on the basis of job qualifications. We have a drug free work environment and we perform pre-employment substance abuse testing.