We’re currently searching for a passionate, empathic, and collaborative Applications Security Engineer to work with our digital acceleration teams responsible for the development of AAA’s web and mobile applications. This position will help define and validate the implementation of application security controls on AAA’s systems and applications. Additionally, this position will play an integral role in the implementation of new security standards and processes within ClubLabs and AAA’s application development community.

Responsibilities

• Integrating security tools, standards, and processes into the software development life cycle (SDLC).
• Ensuring that developers and QA personnel are trained with the appropriate level of security knowledge to perform their daily activities.
• Improving and supporting application security tool deployments including static and dynamic analysis and runtime testing tools.
• Improving and maintaining secure development standards.
• Supporting the incident response and architecture review processes whenever application security expertise is needed.
• Assisting with application framework and perimeter security improvement projects.
• Supporting Vendor Security activities to ensure 3rd-party software and development meets security standards.
• Assisting with identifying security requirements for test-driven design.
• Producing metrics reporting the state of application security programs and performance of development teams against standards.

Qualifications

• 6-8 years related experience and/or training; or equivalent combination of higher education and experience.
• Thorough understanding of the OWASP Top 10 and/or SANS Top 25 application security vulnerabilities, how to detect then, fix them, and most importantly, how to explain them to developers.
• Experience in performing testing of new and existing applications for security vulnerabilities.
• Knowledge of programming language and development tools in any of the following technology stacks:
  • Windows Development API’s including C#, .NET architecture, WMI, Active Directory, etc.
  • C/C++, GNU tool-chain, Linux development environment (core java) and scripting in Linux shells.
• Solid knowledge of and experience with web service technologies such as XML, REST, SOAP, AJAX, JSON, HTML5, JavaScript, and CSS3.
• Mobile application development: Objective-C, Swift, Lua, etc.
• Background in web and/or mobile application security and penetration testing techniques.
• Experience with an application security testing tools such as HP Fortify, VeraCode, Contrast, Checkmarx, ZAP, etc.
• A solid foundation in computer science, with strong competencies in data structures, design patterns, object-oriented programming, algorithms and software design.
• Strong fundamentals of topics in Operating systems (e.g. virtual memory, IPC, processes, threads, kernel, scheduler, I/O, file systems.
• Experience with integrating security tasks into development processes.
• Participated in security operations support and incident handling.
• Ability and willingness to quickly learn new skills, flexibility to work in an agile and fluid environment.

AAA is an Equal Opportunity Employer

The Automobile Club of Southern California will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable federal, state and local laws, including the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance.