Jobs

Apply Now

Applications processed via employer's online application form

Job Details

Location

Belfast, Northern Ireland

Closing Date

2019-07-29 23:00:00

Share

Product Security Engineer

  • Product Security Engineer

    Ref: 6/14/PSE

    Think Technology- Think Allstate

    We build solutions that touch 16 million customers on a daily basis.

    You will work alongside people as passionate as you, focused on delivering the best possible user experiences.

    You will work in a highly collaborative environment primed to adapt to an ever-changing landscape and which places technology solutions at its core.

    You will thrive, you will think differently, you will challenge convention and have the freedom to act with integrity, intention and speed; you will be at the forefront of developing capabilities in support of Allstate’s global business model; you will deliver results and you will leave things better than you found them.

    Location

    Belfast / Londonderry

    Job Description

    Allstate Technology & Strategic Ventures is embarking on a journey to integrate security inside the software development lifecycle.  Product Security is tasked to develop a security framework within the Allstate SDLCs, establish a software security assurance process, and work with product delivery teams to build applications securely from start to finish.

    The Product Security Engineer assists in integrating security into the development of Allstate’s applications. The Product Security Engineer will work closely with the product and software development team to threat model, vulnerability scan, and pen test the early software, system, and network architecture and identify required control points in the application stack. The Product Security Engineer will also work closely with developers to diagnose, document, and remediate application security vulnerabilities.

    Responsibilities include (but aren't limited to):

    • Work closely with application development and platform teams to implement software security that is tailored to the specific risks facing the organization, including threat modeling and applications security advisement services.
    • Conduct application security assessments / penetration tests and implement tools for dynamic/automated code reviews
    • Provide secure application development training to developers and provide guidance on the development of web-based training for ongoing awareness.
    • Conduct code reviews and penetration testing
    • Develop and maintain unit and integration tests designed to ensure security controls are tested on every build

    Essential Criteria

    • Must be an EU citizen or possess a current UK Tier 1 Visa or Tier 2 visa and eligible to take up full time, permanent employment. EU candidates must also demonstrate they are eligible to take up UK employment post-Brexit.
    • Bachelors and/or master’s Degree or equivalent experience in Information Security, Engineering, Computers Science, or related field
    • 4 years’ experience as an Application Security Engineer, Application Developer, Architect, or Software Quality Assurance
    • Proficient with development languages including Java, .NET, Node.js, Go
    • Thorough knowledge of the OWASP Top 10
    • Practical understanding and use of commercial application security tools
    • Understanding of Agile/XP/Scrum/Kanban
    • Understanding of Continuous Integration/Testing/Delivery

    Desirable Criteria

    • Excellent analytical, organizational and problem-solving skills
    • Experience working in very large enterprise environment with diverse teams.
    • Demonstrated ability to participate in cross functional teams, including offsite, remote and offshore resources
    • Effective written, verbal communication skills. Ability to tailor communication style to audience at hand
    • Ability to effectively communicate with technical and non-technical resources
    • Self-directed, works with minimal guidance, and recognizes when guidance needed
    • Demonstrated ability to stay abreast securing evolving technology
    • Familiarity with Metasploit, Burp Suite, Fuzzing, GauntIt, and Jenkins is preferred

    Closing Date:  Tuesday 30th June 2019

    Statement on Fair Employment and Equal Opportunities:

    Allstate NI wishes to ensure equal opportunity is given to all job applicants.  This company will not discriminate on the grounds of race, gender (including gender reassignment status), sexual orientation, religious belief, political opinion, marital status, age or disability.

    We are an equal opportunities employer. We welcome applications from all suitably qualified persons. However, as women are currently under-represented in our workforce, we would particularly welcome applications from women. All appointments will be made on merit.

    Applicants should note Allstate NI complete AccessNI background checks on all candidates offered a position.

Apply Now

Applications processed via employer's online application form