Application Security Engineer
The Role Value Proposition:
The Application Security team in MetLife’s IT Risk & Security organization plays a critical role in ensuring the security of MetLife’s applications and protecting customer and MetLife data. Application security is a top area of focus at MetLife. We have incorporated key industry security best practices, technologies and integrated processes to further strengthen our defense posture. This is an exciting time to join the Application Security team as we are continuing to expand the team and invest in new capabilities.
- As a key member of our Security Champion advisory practice, you will interface with security champions in application development teams and offer consultative advice on secure design and remediation activities. Participate in application security design and architecture reviews, secure coding standards, threat modeling and risk mitigation analysis.
- Develop and maintain enterprise security libraries, components, best practices and checklists; perform application security risk evaluation; partner with key stakeholders to further enhance the application security CI/CD pipeline; and continually assess security posture for improvement.
- Present technical solutions to IT Risk and Security leadership, global application development teams and regional CIOs. Continuously evaluate external web application security posture with a focus on reducing the attack surface, remediating potential weaknesses and developing effective vulnerability management strategies to mitigate risk.
- Investigate critical cybersecurity incidents and perform industry research and forensic analysis.
- Support evaluation of new security technologies that not only address current needs but also anticipated future needs based on emerging threats and industry trends.
Essential Business Experience and Technical Skills:
- 5+ years of combined Application Development and Security Engineering or Security Architecture experience
- Developer with strong application security acumen and hands-on experience with security design reviews and threat modeling
- Experience with SDLC methodologies, common industry practices and supporting technologies/processes
- Strong understanding of OWASP Top-10, CWE/SANS Top-25 and BSIMM/SAMM
- Experience managing several testing efforts concurrently
- Strong communication and presentation skills to large global audiences
- Professional certifications such as GWEB, OSCP or CSSLP
To apply for this job email your details to firstname.lastname@example.org