Information Security Engineer (AppSec)

DMBA provides a variety of benefits including health, life, and retirement to employees of the Church of Jesus Christ of Latter-day Saints and its affiliates.

DMBA began operations in 1970 and is now in its 54th year of supporting the Church of Jesus Christ of Latter-day Saints and its mission.

Position Summary :

DMBA is looking for an Information Security Engineer to join the Information Security Team. The Information Security Team reports to the Chief Technology Officer and is responsible for the Information security program.

This technical operations role will support various development, cloud, and red team projects to safeguard sensitive business information.

Responsibilities :

• Help define and implement a comprehensive application security program to protect the confidentiality, integrity, and availability of company assets
• Establish reuseable policy and procedures
• Serve as an authority on application security with development and operations teams
• Evaluate company attack surface to detect misconfigurations, vulnerabilities, or weaknesses requiring mitigation
• Partner with development teams to perform various code, credential, and SCA scans
• Design, implement, and automate reasonable controls in cloud CI / CD environments
• Support the creation and implementation of a red team function and partner with security operations to test detection capabilities and weaknesses
• Help define the scope for annual and periodic penetration assessments
• Actively participate in architectural discussions with other engineers and support staff on various information security topics such as ZTNA, observability, API security, and emergent technologies (AI / ML, etc.)
• Participate in the incident response process to support the identification, eradication, and recovery of systems.
• Create architecture and application documentation
• Help define procedures to formalize and mature application security
• Support various security projects and participate in solution selection and enhancements
• Be an active participant in building the information security program by evaluating and suggesting new solutions and ideas and championing the information security program

Qualifications and Experience :

• 4-year Bachelor's degree or equivalent experience
• 4-7 years of IT and information security experience
• 2-3 years of development experience
• Strong understanding of information security best practices and security frameworks (NIST CSF, ISO 27001, ISO27005, CIS Controls, HITRUST, etc.

as they pertain to application security

• Working knowledge of the OWASP top 10
• Deep knowledge of databases, common operating systems (Windows / Linux), networking, application, and cloud environments
• CASE, CEH, AWS, or equivalent information security training and expertise
• Experience with HIPAA, DOL Information security best practices, international, federal, and state privacy laws
• Experience with C#, .NET, and JavaScript
• Developing, hardening, and securing APIs

Other Qualifications :

• Ability to work with various IT and Business teams to address sensitive topics and risk
• Strong management and business communication skills
• Deep technical understanding and ability to apply it to complex technical and business solutions
• Expertise in project management and prioritization
• Highly motivated team player with a desire to improve the information security program
• Work in a hybrid remote work and office work environment

What We Offer :

• Competitive pay
• Rich medical, vision and dental benefits with low premiums (we are the #1 health plan in Utah!)
• Rich retirement planning; including 401(k) company match, 8% Retirement Plus Plan (we just give you free money for retirement), life insurance, and full service Financial Planners onsite at no cost
• Generous paid leave plan that starts accruing your first day, your birthday off, additional sick leave and 11 paid holidays
• World class wellness program with health coaching, ability to earn 3 additional days off a year, fun activities and an onsite gym.
• Tuition reimbursement
• Career development through company sponsored programs and over 5000 on-demand online training courses.

Job Posted by ApplicantPro