Description
Who We Are
Join a team that puts its People First! Since 1889, First American (NYSE: FAF) has held an unwavering belief in its people. They are passionate about what they do, and we are equally passionate about fostering an environment where all feel welcome, supported, and empowered to be innovative and reach their full potential. Our inclusive, people-first culture has earned our company numerous accolades, including being named to the Fortune 100 Best Companies to Work For® list for eight consecutive years. We have also earned awards as a best place to work for women, diversity and LGBTQ+ employees, and have been included on more than 50 regional best places to work lists. First American will always strive to be a great place to work, for all. For more information, please visit www.careers.firstam.com.
What We Do
As an Application Security Lead, you will be a key member of the Information Security group, leading a team responsible for our overall secure Software Development Life Cycle (SDLC) program. The successful candidate will be responsible for defining application security requirements and ensuring the delivery of secure applications and solutions. The Application Security program is designed to ensure that any software developed by our engineers meets our overall security goals to protect our data. The successful candidate will exhibit the skills of an experienced leader, with a disciplined approach to process. You will work with a group tasked with coordinating across many functional teams to ensure that our applications stay at the highest security level. In a dynamic, rapidly growing organization, you will be required to be innovative and collaborative to be successful. The candidate must be comfortable working and communicating with executives and able to work at a deep technical level with engineers.
What You'll Do:
Conduct comprehensive security assessments of applications, systems, and networks to identify vulnerabilities, assess risks, and provide recommendations for enhancement.
Collaborate closely with development and operations teams to integrate robust security practices into the software development lifecycle (SDLC) while ensuring compliance with stringent security requirements.
Provide consultative leadership and implementation guidance for application teams in the areas of vulnerability remediation and mitigation.
Develop and enforce secure coding practices, offering guidance to developers on coding best practices, security standards, and effective vulnerability remediation.
Stay abreast of the latest threats, vulnerabilities, and industry best practices in application security. Proactively identify and mitigate potential risks.
Monitor, investigate, and respond to security incidents, conducting in-depth root cause analyses, and be consulted on implementing corrective measures to prevent recurrence.
Execute security testing, encompassing vulnerability scanning, penetration testing, and code review, to pinpoint and address security weaknesses.
Collaborate with cross-functional teams to undertake threat modeling, risk assessments, and security architecture reviews for new applications and systems.
Research, identify, and document best practice methods and emerging technologies, evaluating applicability and feasibility to support key business processes and requirements. Manage optimal enterprise application security processes, standards, and technologies.
Define, collect, and communicate application vulnerability metrics across all levels of the organization, utilizing the metrics to aid in analyzing the likelihood of emerging threats impacting the organization and identifying the weaknesses that could potentially be exploited.
Be consulted on incident response efforts, including the investigation, mitigation, and resolution of security incidents.
What You'll Bring
A Bachelor's degree in Computer Science, Information Security, or a related field, or relevant working experience.
A minimum of 5 years of experience in application security, including expertise in web application security, mobile application security, cloud security, and secure coding practices.
A solid grasp of secure software development practices, encompassing threat modeling, risk assessment, and vulnerability management.
Familiarity with pertinent industry standards and frameworks such as the OWASP Top Ten Project, NIST Cybersecurity Framework, and ISO/IEC 27001.
Proficiency in handling security tools and technologies, including web application scanners, vulnerability scanners, penetration testing tools, and SIEM systems, along with Certified Application Security Engineer (CASE) certification.
In-depth knowledge of common application security vulnerabilities, such as cross-site scripting (XSS), SQL injection, and cross-site request forgery (CSRF). The ability to provide guidance on effective mitigation strategies is essential.
A strong understanding of network protocols, operating systems, and web technologies.
Outstanding communication and interpersonal skills, with the capacity to effectively convey intricate security concepts to both technical and non-technical stakeholders.
Certifications like Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), and Certified Application Security Engineer (CASE) are highly regarded.
Familiarity with generative AI coding solutions and a substantial technical software development background, enabling you to lead the team in adhering to software best practices.
Proficiency in scanning code and effectively mitigating and remediating findings.
Pay Range: $96,180 - $183,480 annual
This hiring range is a reasonable estimate of the base pay range for this position at the time of posting. Pay is based on a number of factors which may include job-related knowledge, skills, experience, business requirements and geographic location.
What We Offer
By choice, we don’t simply accept individuality – we embrace it, we support it, and we thrive on it! Our People First Culture celebrates diversity, equity and inclusion not simply because it’s the right thing to do, but also because it’s the key to our success. We are proud to foster an authentic and inclusive workplace For All. You are free and encouraged to bring your entire, unique self to work. First American is an equal opportunity employer in every sense of the term.
Based on eligibility, First American offers a comprehensive benefits package including medical, dental, vision, 401k, PTO/paid sick leave and other great benefits like an employee stock purchase plan.