Application Security Senior Engineer

Job Description

NielsenIQis maturingitsApplicationSecurity programsandisrecruitinganApplicationSecurity SeniorEngineerwho will be responsible forevaluatingthe tools, processes and procedures used to securethe DevOps pipeline.You will be supporting programsacross all geographies andbusiness units.

As theApplicationSecurity SeniorEngineer, you will be responsible formaintaining the tools and technologies thatused to analyze andsecureapplication code.You will overseeapplicationsecuritytools and technologieswithina multi-national matrixed environment.Theapplicationsecurity engineer will have the opportunity to replace the currentStatic and Dynamic Application Security Toolandadvocate forthe techstack used for monitoring.

Thisposition will involve workingclosely withcloud security team, business units, technical and non-technical stakeholdersto drive the adoption and maturity of the NIQ’sApplicationsecurityprograms.

• Develop and maintain NIQ’s Bug Bounty Program

• Overseethreat modelingprogram for enterprise applications

• Work closely with the DevOps team to identify areas of improvement

• Simplify security tool integration into the CI/CDpipeline

• Build and maintain asecurity champions program and security training for developers

• Conduct root cause analysis on common security findings

• Review IaaS / PaaS architecture roadmaps for the cloud to and recommendbaseline security controls and hardening requirements

• Bachelor’s degree in a technical field including Computer Science, Information Systems, Math,Physics, Science or similar desired - experience in government, military or in other capacities withsimilar focus can be substituted

• Fall asleep dreaming of the OWASP Top ten

• Knowledge ofCloud Workload Protection Platforms such as Azure Security Center, Wiz, Palo Alto Prisma, Orca Security, etc.

• Experience using JIRA, ServiceNow and Confluence

• Experience working with government or military including nation state and sophisticatedcybercrimeexperience including knowledge of sophisticated hacking techniques, malicious actors,IOCs, TTPs and the ability to translate intelligence into action is highly desirable

• Experience migrating legacy applications to a microservices architecture

• Experience with CI/CD pipeline including tools such as Bitbucket, Gitlab, Jenkins, Terraform

• Experience with DevOps methodologies, processes, and technologies

• Experience using SAST and DAST tools such asCheckmarx,Netsparker,R7InsightAppSec

• Demonstrated engagement in security conferences, training, learning, associationsishighly desired and fully supported

• Self-starter, technology and security hobbyist, enthusiast

• Lifelong learner with endless curiosity

Additional Information

All your information will be kept confidential according to EEO guidelines.