Senior Associate, Software Security Advisor
- Jersey City, NJ, USA
- Permanent, Full time
- New York Life Insurance Company
- 18 Jan 19
A career at New York Life offers many opportunities. To be part of a growing and successful business. To reach your full potential, whatever your specialty. Above all, to make a difference in the world by helping people achieve financial security. It's a career journey you can be proud of, and you'll find plenty of support along the way. Our development programs range from skill-building to management training, and we value our diverse and inclusive workplace where all voices can be heard. Recognized as one of Fortune's World's Most Admired Companies, New York Life is committed to improving local communities through a culture of employee giving and service, supported by our Foundation. It all adds up to a rewarding career at a company where doing right by our customers is part of who we are, as a mutual company without outside shareholders. We invite you to bring your talents to New York Life, so we can continue to help families and businesses "Be Good At Life." To learn more, please visit LinkedIn, our Newsroom and the Careers page of www.NewYorkLife.com.
The Software Security Advisor, Senior Associate is a skilled software security and information risk professional with experience in application security, secure coding practices, and software security testing methodologies, as well as secure application architecture and design. This highly visible role within the CISO's organization will assist in the governance of enterprise application security and provide software security advisory services, consulting and, at times, remediation expertise to address software defects and vulnerabilities.
Role & Responsibilities
- Support the Application Security function and the enterprise application security framework development, compliance, strategy and governance for the CISO Organization (2nd line of defense) which services all business units and corporate groups across NYL.
- Support 2nd line software security consulting efforts for various NYL application development teams - includes application security reviews, requirements, threat modeling, analysis of software vulnerabilities, remediation prioritization, and other key 2nd line software security assurance program deliverables.
- Supports the oversight of software security testing and vulnerability remediation for new, legacy, hosted/SaaS and COTS platforms across the NYL environment.
- Supports the review of 3rd party software that NYL may acquire.
- Helps to set requirements that drive the engineering, analysis and performance of application security technologies; as well as reviewing the output of these systems and processes.
- Supports the development of security policy and standards that affect application security across the enterprise.
- Helps manage the delivery of software security policies and standards that affect the application lifecycle including application development coding practices, testing methodologies and other key software security related practices.
- Provides guidance to the evaluation and development of emerging application protection technologies at New York Life.
- Consulted on Technology Security engineering deliverables as part of coordination and delivery of application penetration testing, architecture and design review decisions for assigned areas of expertise; contributing an expert understanding of vulnerable conditions and remediation prioritization approaches.
- Provides education and coaching to less experienced staff to encourage quality and consistent approaches with regard to application security.
- Maintains contemporary knowledge of current and future application security technologies, concepts and architectures.
Required Qualifications:
- Experience in the development/maintenance of: software security programs, policy, standards and process
- Versed in software security design (Waterfall, Agile, etc) and testing methodologies (SAST, DAST, IAST, RASP, SCA, Pen Testing); as well as familiarity with any of the following products: Checkmarx, HP Fortify, VeraCode, Prevoty, IBM AppScan, Contrast Security, WhiteHat Security, Seeker, Coverity, Protecode, SecureAssist, etc.
- Experienced with performing causal analysis and development of plans of action.
- Broad experience with application architecture, software design, SDLC operations and secure software engineering.
- Experience and working knowledge of DevOps, CI/CD, cloud computing and web services.
- Interpersonal skills including the ability to collaborate effectively, and excellent written and oral communications.
Overall Experience, Education and Professional Certifications:
- Minimum 3+ years of expanding responsibility
- BA/BS Degree in Software Engineering, Computer Science, or equivalent experience in Software Security and Cyber Security Engineering.
- CISSP, CEH or similar certifications strongly preferred