Application Security Engineer

7 days ago


Boston, United States MassMutual Full time

The Opportunity

We are seeking an experienced Application Security Engineer to join our Software Security team and take charge of ensuring the security and integrity of our software applications. The ideal candidate will have advanced knowledge of secure software development, extensive experience with identifying vulnerabilities, and the ability to implement robust security solutions. This role will require collaboration with development teams, security architects, and other stakeholders to integrate security best practices into all stages of the software development lifecycle.

The Impact

Your key responsibilities, listed below, ensure that applications are resilient against emerging threats, reducing potential financial and reputational damage from security incidents.

  • Conduct in-depth security assessments, including vulnerability scanning and code reviews.
  • Leverage automated tools and manual testing techniques to identify, risk-assess, and prioritize threats and application-level vulnerabilities (e.g., OWASP Top 10), and propose mitigation strategies for them, ensuring our applications meet security standards and reducing exposure to data breaches.
  • Collaborate with security architects to design secure application architectures that align with industry best practices.
  • Ensure secure coding practices are followed, and security controls are incorporated into software designs.
  • Conduct detailed threat modeling to identify attack vectors and potential weaknesses.
  • Collaborate with our SDLC Council to develop and maintain secure coding standards, empowering developers to integrate security into the development process.
  • Partner with DevOps teams to implement security within CI/CD (continuous integration & delivery) pipelines for automated and seamless deployment of secure code.
  • Assist in incident response activities related to application security breaches, providing rapid identification and mitigation guidance.
  • Ensure compliance with security regulations, frameworks, and industry standards such as OWASP.
  • Leverage reporting tools to demonstrate the overall risk through metrics (KPIs, KRIs, OKRs) of vulnerabilities and code defects to MassMutual’s cyber assets for various team leaders and executive leadership for risk prioritization and enablement of risk-based decision-making.
  • Stay up to date with the latest security threats, vulnerabilities, and industry trends to inform and improve security strategies.
  • Strong problem-solving abilities and analytical thinking.
  • Excellent communication skills to explain security issues to both technical and non-technical stakeholders.
  • A team player with the ability to work in a collaborative, fast-paced environment.

The Minimum Qualifications

  • Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field.
  • 5+ years of experience in application security, penetration testing, or secure software development.

The Ideal Qualifications

  • Relevant security certifications (such as CEH, OSCP, or GWAPT) from an industry-recognized certifier (e.g., SANS/GIAC, CompTIA, ISACA, ISC2, etc.).
  • Strong knowledge of secure software development methodologies, including threat modeling, code reviews, and static/dynamic analysis.
  • Experience in integrating security into DevOps (DevSecOps) and CI/CD environments.
  • Strong technical knowledge of web application security, cloud security (AWS, Azure, GCP), mobile security, infrastructure as code (IaC), container security, and API security.
  • Familiarity with SAST, DAST, and IAST tools.
  • Deep understanding of common vulnerabilities (e.g., OWASP Top 10) and their mitigations.
  • Advanced understanding and experience with writing source code (e.g., JavaScript, Java, C/C++/C#, Python, etc.) and familiarity with software security frameworks (e.g., Maven, Node, Gradle, etc.).
  • Experience with identifying security vulnerabilities/defects in Docker, containers, and Kubernetes.
  • Experience with cloud deployment and automation tools (Terraform, GitHub Actions, Jenkins, AWS CloudFormation templates, Secrets Managers).
  • Knowledge of compliance and regulatory frameworks (SOC 2, etc.).

What to Expect as Part of MassMutual and the Team

  • Focused one-on-one meetings with your manager
  • Access to mentorship opportunities
  • Networking opportunities including access to Asian, Hispanic/Latinx, African American, women, LGBTQ, veteran and disability-focused Business Resource Groups
  • Access to learning content on Degreed and other informational platforms
  • Your ethics and integrity will be valued by a company with a strong and stable ethical business and industry-leading pay and benefits


MassMutual is an Equal Employment Opportunity employer Minority/Female/Sexual Orientation/Gender Identity/Individual with Disability/Protected Veteran. We welcome all persons to apply. Note: Veterans are welcome to apply, regardless of their discharge status.

If you need an accommodation to complete the application process, please contact us and share the specifics of the assistance you need.
