Position Overview
- Leads technical efforts to ensure security is applied to the technology platforms and information within the organization in accordance with established standards and policies. This involves in-depth knowledge of the business processes involving network, architecture, relationships between systems, and systems flow of end-to-end designs for Network & Technology applications with an application security focus, as well as collaborative working relationships with delivery teams.
Responsibilities
- Performs application security assessments and remediation activities as part of the application security program and ensures application teams adhere to the SSDLC Framework.
- Researches information security standards; conducts application security and vulnerability analyses and risk assessments; researches threats and attack vectors that impact applications. An example would be interpreting a SOC 2 from a vendor to determine if technical requirements of a control are met.
- Makes recommendations on toolset modifications and improvements, development process improvements, and production application security support.
- Technically mentors associates within the department. Provides training and guidance to team members as required.
- Evangelizes application security program fundamentals, tools, processes and acts as a consultative partner with Global IT and Business teams.
- Participates in automation of scanning and workflows around an internal application security framework.
- Ensures teams are validating for OWASP and performing industry-leading application security practices such as the NIST Cybersecurity Framework.
- Performs other duties as assigned.
Requirements
Required: Bachelor’s degree or equivalent experience.
Preferred: Master's degree and/or LOMA certification, MCSE
- 8+ years of relevant work experience.
- Experience in application vulnerability assessments, testing and execution.
- Broad experience in quality assurance and software development with security testing/development as a focus area.
- Advanced experience in security testing tools such as Burp Suite, ZAP, or similar tools. Strong background with application security assessments.
- 4+ years of hands-on system administration and scripting experience (SQL, PL/SQL scripting and Oracle Database tools).
- Experience in programming languages like Java, .NET, Perl/Shell/AWK scripting is a plus.
- Awareness of advanced automation scripting and automation testing tools.
- Outstanding communication, analytical skills and ability to function in a globally diverse work environment.
- Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
- Experience in system technology security testing (vulnerability scanning and penetration testing).
- Experience in application technology security testing (white box, black box and code review).
Technical Requirements
- SAML, OAuth, cloud authentication/authorization mechanisms, and secrets management
- SDLC
Preferred Experiences
- 5+ years’ experience in systems and network monitoring technologies and tools
- 4 or more years’ experience in designing solutions or applications with programming technologies and tools
- Experience working with Cisco/Juniper network equipment devices is a plus.
- 2+ years of experience with public and hybrid cloud environments.
- Insurance industry knowledge
- SANS GIAC
- CISSP
Company Overview
RGA’s culture stresses high performance and collaboration, and the company hires the smartest people in the industry. And, the smart people they hire are not just number crunchers. RGA values creativity and curiosity. RGA also values humility, and its employees work together without ego to bring value to RGA while revolutionizing the life and health insurance space.