37 applicants

Company

Original Job Post

Allstate · 2 days ago

Product Security Engineer

Illinois, United States

Full-time

Onsite

Senior Level

$96K/yr - $171K/yr

5+ years exp

Wonder how qualified you are to the job?

Maximize your interview chances

BankingFinance

Insider Connection @Allstate

Discover valuable connections within the company who might provide insights and potential referrals, giving your job application an inside edge.

Responsibilities

Work closely with application development and platform teams to help formulate and implement a strategy for software security that is tailored to the specific risks facing the organization, including threat modeling and applications security advisement services.

Develop and maintain a balanced application security program based on a well-defined application security framework.

Conduct application security assessments and implement tools for dynamic/automated code reviews.

Ensure application design and implementation best-practice with role-based and appropriate access standards, as well as integration with Identity and Access Management environments.

Ensure compliance with society, regulatory, and industry standards for application security.

Continuously evaluate the organization’s existing application security practices, define and measure security-related activities, and demonstrating concrete improvements to the application assurance program within the organization.

Provide secure application development training to developers and provide guidance on the development of web-based training for ongoing awareness.

Conduct code reviews.

Develop and maintain unit and integration tests designed to ensure security controls are tested on every build.

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

Software developmentApplication architectureOWASP Top 10Software development policiesC#C++Java.NETNode.jsPythonMVCMicroservicesEvent-driven architectureAnalytical reportsProgram managementProblem solvingCreativityOrganizationResponsivenessBusiness acumenSelf-starterCommunication skillsAgileXPScrumKanbanTest-Driven DevelopmentContinuous IntegrationContinuous TestingContinuous Delivery

Required

5+ years’ experience in a software or application development field such as Software Developer, Architect, Software Quality Assurance, or Application Security Engineer.

Be highly proficient in at least one of the following development languages: C#, C++, Java, .NET, Node.js, or Python.

Possess a strong understanding of application architectural patterns, such as MVC, Microservices, Event-driven etc.

Hold knowledge of the OWASP Top 10.

Possess solid understanding and experience with establishing software development policies across an organization.

Be creative, organized, responsive, and a thorough problem solver.

Possess a strong business acumen with an ability to work.

Possess a restlessness or desire to break into things.

Be a strong self-starter who can operate independently.

Have excellent oral/written presentation skills with the ability to communicate effectively with senior executive leadership.

Hold proficiency in preparation of presentations, analytical reports, and documents regarding program operational status, achievement, and performance.