2 Infosec Engineering Jobs

The Senior Manager of Information Security (External Role Description Application / Product Security Architect) will report to the Chief Information Security Officer. As a leader in the Information Security organization, this role will lead the task of refining, managing and executing strategic product/application security roadmap that is based on industry standard software security frameworks. You will plan, implement and track key initiatives focused on product / application security strategy, metrics, compliance, policy, developer awareness, training and stakeholder engagement. You will work closely with multiple teams that make up Information Security, Product Management, Engineering, Legal, Risk and Compliance to improve product / application security controls and drive impactful change to the team and its members. Responsibilities: Bring a deep background and broad experience in Information Security, Application Security, & Application Development or related business areas. Lead a team of high performing individuals who create remediation plans, perform security reviews, and recommend security solutions to meet current and future needs for HMH products and applications. Drive the development and implementation of product and application standard security review processes that result in effective methods for reducing security risks before product releases. Demonstrate an ability to influence all project and portfolio stakeholders; communicate relevant security information to both executive leaders and individual contributors in an effective manner. Accountable for all aspects of staff management, hiring, coaching, training, performance reviews and recommending pay actions and promotions for the Security Engineering team Provide input into the Information Security strategy to ensure that future security investments are aligned appropriately when considering key priorities such as business requirements, industry threat landscape, and risk appetite of HMH. Collaborate closely with the Architecture teams Demonstrated experience handling the demand/supply of project and program resources and tracking allocation. Track policy exceptions and remediation dates through active engagement with development teams and operations teams. Partner with Audit teams to periodically audit controls and secure coding practices being followed by development teams. Staying abreast of latest cyber security threats both internal and external Oversee projects, program delivery, daily monitoring, response; review of cloud infrastructure, physical infrastructure, and the full life cycle of alerts through incident response; and the threat landscape to ensure ongoing and continued maturity of the organization's security controls in addition to service support Drive operational efficiency and excellence leveraging tools, process and automation with appropriate and transparency visibility and metrics that can meet SLAs/SLOs Support and implement controls and visibility to meet third party attestations (SOC2, ISO27001, GDPR, SOX) Balance being collaborative, open, and approachable while still being firm on security policies and in facilitating progress and compromise What you should have: 5 to 6+ years hands-on experience in application security utilizing SAST, DAST, IAST, RASP and WAF. 5+ years of application engineering, architecture or development management experience Proficient analyzing ambiguous problems, compelling communicator with the ability to receive and analyze information, translating security risk to business risk to driving actionable decisions across multiple levels and departments Experience in leading application security remediation work, leading the mitigation initiative to accommodate the developer community priority. Proficient experience with common web application attack vectors and related mitigation strategies that translate to controls within the organization You are highly organized. With many people doing many things in a fast-moving company, strong organizational skillsboth for yourself and for the teamwill be required

We are looking for a professional software engineer, who is passionate and hands-on developing solutions for IAM SSO services, it will require understanding and experience of PingFederate, Ping Access, Ping Directory, Azure SSO, Unix , scripting , experience with Authentication, Authorization , OIDC , SAML concepts implementation and zeal to learn IAM and SSO technologies frameworks. Primary Responsibilities: Identity and Access Management (IAM) is a team in Enterprise Information Security (EIS) division. The driving force behind IAM is to ensure that employees throughout Optum have the best experiences helping the right people or machines to access the right assets at the right time for the right reasons Integrating Applications with Single Sign On (On-premises/cloud) Creating Modern solutions with state of art architecture and help in maintenance and optimization of SSO services Collaborate with Engineering, Operations and Devops teams to improve workflows, infrastructure and user experience Support and work alongside a cross-functional engineering team Work with open-source technologies as needed Brainstorm new products, updates, and solutions to continuously challenge and improve products, performance, system/data backup, security, and customer experience Remain up to date on industry trends, share knowledge among teams and abide by industry best practices Occasional on call duty to support operational needs of IAM SSO service Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so Required Qualifications: Bachelors/masters degree in CS, engineering, software engineering, or related field with Strong analytical and problem-solving skills Experience with to Azure Graph APIs to interact with Azure Applications, Identity and user information Experience in PowerShell, groovy scripting, Linux shell scripting, python Experience in Java , Springboot , Rest API , React or Angular Experience in Azure Devops , Github Actions , Github Copilot Experience or eager to learn Ping Access, Ping Federate , Ping Directory , Azure cloud or any other IAM tools Experience and understanding of cloud concepts like server/network virtualization Experience with Identity Management and exposure to Identity Providers (IdP), Service Providers (SP), Single Sign-On (SSO), Security Assertion Markup Language (SAML), OAuth2, OpenID Connect (OIDC), Authentication, Authorization Proven to trouble shoot and resolve issues in our dev, test, and production environments Proven up to date on the latest industry trends, able to articulate trends and potential clearly and confidently Proven ability to work independently with minimal direction Proven excellent verbal and written communication skills Preferred Qualifications: Experience with Azure Certification Experience in Docker and Containers for deploying applications and Docker scripting