Lead Software Security Engineer
“The limit of our growth is going to be our imagination and product ideas – not technology.” – Mohit Kapoor, CTO
What we’ll bring:
- A welcoming and energetic environment that encourages collaboration and innovation. We consistently explore new technologies and tools to be agile.
- Flexible time off, workplace flexibility, an environment that welcomes continued professional growth through support of tuition reimbursement, conferences and seminars.
- Our culture encourages our people to hone current skills and build new capabilities, while discovering their genius.
- As part of the Global Information Security team, you will support TransUnion Interactive (TUI). The TUI product suite includes TransUnion Credit Monitoring and ID Theft Protection—products that help our customers monitor critical changes in their credit by assisting them with debt analysis, identity theft protection features, and money management tools.
What you’ll bring:
- At least 5 years’ experience in application development (Java EE, Python, web APIs, and Linux scripting) with some exposure to application security
- Understanding of network protocols and hands-on experience in more than one of the following: Web Proxies, Web Application Firewalls, Web Application Vulnerability assessment tools such as Veracode and HP WebInspect
- Working knowledge of Agile development processes and the SDLC
- Strong knowledge of both UNIX and Windows operating systems
- Strong understanding of web hosting platforms and web services
- Working knowledge of remediation methods to address the OWASP Top 10
- Understanding of enterprise computing environments, distributed applications, and container technology
- Exceptional interpersonal skills, with a focus on rapport-building, listening, and questioning skills
- Bachelor’s Degree in Computer Science or related field and
We’d love to see:
- Experience with some or all of the following: Packet analysis, Vulnerability analysis, Event Correlation, Forensics, pen-testing, reverse engineering, IOC, advanced threat detection, code analysis
- Experience working in a team-oriented, collaborative environment and ability to present ideas in a user-friendly language
- Ability to absorb and retain information quickly
- Highly self-motivated and directed with an attention to detail
- Ability to effectively prioritize and execute tasks in a high-pressure environment
- Have a strong desire to learn and grow professionally
- Any of the following certifications are desired: CEH, CISSP, CSSLP, OSCP or similar advanced security certification
Impact you’ll make:
- Demonstrate a high level of analytical and problem-solving capability along with the ability to articulate the decision process to multiple management levels as it relates to both business and technical roles
- Engage in critical decisions involving risk, incident response, and security process improvements in critical infrastructure that require unwavering integrity and moral character
- Serve as the subject matter expert on application security and provide security consultation on internal projects focusing on business needs, security’s role in change management, and how data is transmitted internally and to external customers
- Participate in security audits, risk analysis, vulnerability testing and security reviews on many elements of our systems
- Identify security issues and risks, and develop mitigation plans
- Create meaningful metrics on the assessments that have been performed and be able to manage remediation efforts and communication ongoing status
- Provide security review and guidance for projects driven by groups outside of Information Security
- Responsible for a designated set of software tools and the security functionality of these as well as evaluating and recommending new and emerging security products and technologies
- Participate in tier 2 and tier 3 security operations support, incident handling, and other ad hoc projects
- Maintain and update relevant system and process documentation and develop ad-hoc reports as needed
- Successfully manage time and technical responsibilities, set accurate expectations and meet deliverable deadlines while working in a team environment
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability status, veteran status, marital status, citizenship status, sexual orientation, gender identity or any other characteristic protected by law.
More Information About the Job
Is Relocation Available?
Is there a bonus structure?
Are you open to sponsorship?
This position is:
Is there a possibility to work remote?
Is there equity?
Are there flexible work hours?
Does this position have direct reports?
Who does this position report to?
Manager, Secruity Control
What are the 3-4 non-negotiable requirements on this position?
Strong - Linux experience Practical experience addressing security within an agile development environment Practical experience analyzing application metrics and web traffic to determine risk
What are the nice-to-have skills?
Background with virtualization and secruity containers
TransUnion expressly prohibits the posting of its jobs externally.
Job Status: Full Time