Lead Application Security Engineer

Job Description

Lead Application Security Engineer

The Application Security Engineer will be reporting to the Director of Application / Product Security Architecture. As an Application Security Engineer, you will be working closely with the Application / Product Development teams. You help and identify the champions in the development teams to help the developers in driving secure code efforts. Perform code reviews, project security reviews, penetration testing support and application security processes. You most important role will be to guide, support and direct the initiative to drive bug remediation, meeting with project teams to identify and secure changes in new functionality.

Responsibilities:

• Be a subject matter expert for Application security solutions within the HMH InfoSec team
• Use the tools and technologies used throughout HMH InfoSec team
• Collaborate with cross functional teams (Engineering, Product Management and Business Stakeholders) while carrying out day-to-day tasks.
• Strong foundation in core information security principles and goals.
• Proven expertise in enterprise security solutions.
• Knowledge on common and emerging security threats
• In-depth knowledge of security best practices.
• Support code reviews across all code platforms
• Manage security integration into the SDLC process
• Responsible for bug intake and remediation process
• Responsible for leading the remediation of application vulnerability scanning and penetration testing
• Manage integration with Static Code Analysis and Dynamic Code Analysis tools
• Identify security exposures and develop mitigation plans
• Own and document medium/large epics and follow through until completion
• Present security solutions to a larger audience.
• Troubleshoot production issues and performance bottlenecks.
• Follow Security best practices
• Be productive and participate in security initiatives with minimal supervision

What you should have:

• 3 to 4+ years of Application Security testing / assurance experience and proven experience in integrating security within the SDLC processes
• Strong knowledge of Application security standards and practices (e.g., OWASP mitigation guidelines)
• Hands on experience with Application Security testing tools or with application security remediation works.
• Demonstrated ability to apply application development knowledge and experience in solving application / product security issues.
• Experience conducting code reviews in Java, C#, or .NET
• Strong and recent experience with threat modeling

Physical Requirements

• Might be in a stationary position for a considerable time (sitting and/or standing).
• The person in this position needs to move about inside the office to access file cabinets, office machinery, etc.
• Constantly operates a computer and other office productivity machinery, such as a calculator, copy machine, and computer printer.
• Must be able to collaborate with colleagues via face to face, conference calls, and online meetings.

ABOUT HMH:
Houghton Mifflin Harcourt (NASDAQ:HMHC) is a global learning company dedicated to changing people’s lives by fostering passionate, curious learners. As a leading provider of pre-K–12 education content, services, and cutting-edge technology solutions across a variety of media, HMH enables learning in a changing landscape. HMH is uniquely positioned to create engaging and effective educational content and experiences from early childhood to beyond the classroom. HMH serves more than 50 million students in over 150 countries worldwide, while its award-winning children's books, novels, non-fiction, and reference titles are enjoyed by readers throughout the world.

For more information, visit http://careers.hmhco.com

PLEASE NOTE:
Houghton Mifflin Harcourt is an equal employment opportunity employer and participates in E-Verify. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of gender, race/ethnicity, gender identity, sexual orientation, protected veteran status, disability, or other protected group status.