Senior Application Security Engineer

Why We Work at Dun & Bradstreet

We are at a transformational moment in our company journey - and we're so excited about it. Each day, we are finding new ways to strengthen our award-winning culture, and to accelerate creativity, innovation and growth. Our purpose is to help customers improve business performance with Dun & Bradstreet's Data Cloud and Live Business Identity, and we're wildly passionate and committed to this purpose. So, if you're looking to make an immediate impact at a company that welcomes bold and diverse thinking, come join us!

Team Overview: Product Security/Application Security team consists of consists of software security professionals. The team works very closely with business and the technology team to implement security controls and to ensure that the D&B products are free of any security defects and vulnerabilities. The team has subject matter experts in the following areas

1. Application Security Architect
2. Application Security Engineer
3. Penetration Testers

The Role: Senior Security Engineer will be a senior member of the Application Security team and will lead multiple initiatives for the firm. In this role, the individual will use their deep experience with application security and will contribute towards building the application security roadmap. In addition, they possess a solid understanding of secure SDLC concepts and application security testing e.g. SAST, DAST, pen testing etc. The understanding of key application security concepts such as authentication, authorization, encryption, key management is highly desirable. The individual will be responsible for implementing software security controls as part of the secure SDLC pipeline and will achieve automation and scalability to support the D&B portfolio. The individual will also interact with businesses on a regular basis and will generate appropriate KPI/KRI's to discuss the effectiveness and status of the program.

Key Responsibilities:
• Develop SecDevOps practices by implementing key controls (SAST/DAST/SCA) in the SDLC
• Drive business compliance to application security standards and controls e.g. vulnerability remediation, SAST/SCA onboarding
• Work towards developing the application security roadmap for the firm
• Provide leadership on different forums on promoting security awareness, including recommended solutions and staying current on net new threats, vulnerabilities and OWASP best practices
• Manage application security projects to address continuous risk and threats and to reduce vulnerability exposure for the firm.

Key Requirements:
• Bachelor's degree
• 10+ years of working experience in cyber security, preferably in application security, secure SDLC and application development
• Experience with Jenkins and other build automation tools as part of the CI-CD deployments
• Working knowledge of the Microsoft Security Development Lifecycle (SDL), OWASP Software Assurance Maturity Model (SAMM), or Building Security in Maturity Model (BSIMM).
• Strong technical acumen, communication and influence skills to demonstrate effectiveness of different application security initiatives
• Solid understanding of: OWASP Top 10, NVD, CVSS scoring, application assessments
• Strong background in application security and well informed on key application security controls
• Must have experience with implementing and managing static scanning tools and open source scanning tools
• Must have experience with CI/CD implementation processes and integration of security tools with build automation tools
• Strong experience on guiding development teams on secure coding practices
• Background and solid understanding of key security concepts such as OWASP, CVSS, CWE etc
• Experience with manual code reviews and security issue triaging.
• Experience with scripting languages such as python
• Strong organization skills with high attention to detail.
• Able to work independently with minimal supervision
• Excellent communication skills - written, verbal, presentation and interpersonal
• Willing to learn new skills and implement new technologies

Dun & Bradstreet is an Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, age, national origin, citizenship status, disability status, sexual orientation, gender identity or expression, pregnancy, genetic information, protected military and veteran status, ancestry, marital status, medical condition (cancer and genetic characteristics) or any other characteristic protected by law.

We are committed to Equal Employment Opportunity and providing reasonable accommodations to applicants with physical and/or mental disabilities. If you are interested in applying for employment with Dun & Bradstreet and need special assistance or an accommodation to use our website or to apply for a position, please send an e-mail with your request to [email protected]. Determination on requests for reasonable accommodation are made on a case-by-case basis.

Please note that all Dun & Bradstreet job postings can be found at https://dnb.wd1.myworkdayjobs.com/Careers and all communication from Dun & Bradstreet will come from an email address ending in @dnb.com.