Application Security Manager
Where good people build rewarding careers.
Think that working in the insurance field can't be exciting, rewarding and challenging? Think again. You'll help us reinvent protection and retirement to improve customers' lives. We'll help you make an impact with our training and mentoring offerings. Here, you'll have the opportunity to expand and apply your skills in ways you never thought possible. And you'll have fun doing it. Join a company of individuals with hopes, plans and passions, all using and developing our talents for good, at work and in life.
CompoZed Development is growing daily – across our multiple Allstate development groups we've launched several products and we haven't stopped accelerating. We are committed to moving quickly as the number of projects and products continues to expand and evolve, leveraging our skills to assist the Allstate development groups in bringing the best solutions and services to market. As part of this program, Allstate Information Security is focused on enabling our developers' success by partnering with them and leveraging existing agile/XP tools (e.g., Jenkins, GitHub and JIRA) to integrate security controls.
Don't miss this opportunity to join an organization where your innovative thinking and technology skills can make an impact on the way Allstate develops and delivers software in the future.
The Application Security Assurance Program (ASAP) Team is looking to hire a Security by Design consultant supporting our agile, XP and waterfall development functions. The primary objective for this role is to work closely with development teams and Security Champions to ensure that secure programming practices are established and implemented. The team is specifically looking for an applicant who has experience partnering with agile/XP development teams to define security-aligned user stories and integrating security controls into agile/XP development tools and methodologies for both web and mobile applications.
Responsibilities include, but are not limited to the following:
- Lead a team to establish, implement and lead a best-in-class application security program across multiple development disciplines
- Provide training/training recommendations for the Allstate developer community
- Ensure security by design is integrated into the software development lifecycle
- Partner with application teams to:
  - Ensure secure code practices are understood and implemented
  - Integrate security testing using development tools
  - Establish user stories (abuser stories) to ensure security requirements are captured and validated through test-driven development
- Provide consulting services for coding best practices
- Other security-related projects
- Strong ethics and understanding of ethics in business and information security
- Detailed knowledge of secure programming best practices
- Minimum 3 years people leadership experience
- Minimum of 3 years work experience in application security
- Minimum of 5-7 years of IT or software development experience
- Possess current security certifications (e.g., CISSP, CEH)
- Degree in either Computer Engineering, Computer Science, or Information Systems Management
- Detailed knowledge of the OWASP (mobile and web) vulnerabilities, tools and methodologies
- Understanding of Waterfall, Agile, and Extreme Programming
- Direct experience of continuous integration and continuous delivery practices with a focus on integrating security into pipelines
- Understanding and experience with cloud technologies (public, private, IaaS, PaaS) and security implications relative to building and deploying platform infrastructure and cloud native applications
- Experience with the use of open source software in application development and a good understanding of the security best practices relative to OSS
- Experience leveraging test-driven development and Agile/XP story development to drive implementation and validation of security controls
- Understanding of common attack techniques
- Understanding of iPhone and Android application development
- Experience working with large engineering and user experience teams, operating in an Agile environment where features and prioritizations evolve quickly
- Understanding and familiarity with common code review methods and standards
- Knowledge of common security requirements within ASP.NET applications
- Knowledge of standard SDLC practices
- Experience with web application vulnerability scanning tools (e.g., IBM AppScan, HP WebInspect, Acunetix, NTOSpider, Burp Suite Pro)
- Experience with static analysis tools (e.g., IBM AppScan Source, HP Fortify)
- Experience with high level programming languages (e.g., Java, C, C++, .NET (C#, VB))
- Experience with web application development (e.g., ASP.NET, ASP, PHP, J2EE, JSP)
- Experience leveraging BSIMM6/BSIMM7 to establish strong secure application development functions
- Experience with vulnerability scanning tools (e.g., Qualys, Nessus, Nexpose, Saint)
This position can be located anywhere in the USA. This position will require 30-50% travel.
The candidate(s) offered this position will be required to submit to a background investigation, which includes a drug screen.
Good Work. Good Life. Good Hands®.
As a Fortune 100 company and industry leader, we provide a competitive salary – but that's just the beginning. Our Total Rewards package also offers benefits like tuition assistance, medical and dental insurance, as well as a robust pension and 401(k). Plus, you'll have access to a wide variety of programs to help you balance your work and personal life -- including a generous paid time off policy.
Allstate generally does not sponsor individuals for employment-based visas for this position.
Effective July 1, 2014, under Indiana House Enrolled Act (HEA) 1242, it is against public policy of the State of Indiana and a discriminatory practice for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component.
For jobs in San Francisco, please see the notice regarding the San Francisco Fair Chance Ordinance.
It is the policy of Allstate to employ the best qualified individuals available for all jobs without regard to race, color, religion, sex, age, national origin, sexual orientation, gender identity/gender expression, disability, and citizenship status as a veteran with a disability or veteran of the Vietnam Era.