Apply Now    
Job ID :
Location :
Charlotte, NC US
Level :
Experienced Professional
Job Category :
Information Technology
Description :

Where good people build rewarding careers.

Think that working in the insurance field can’t be exciting, rewarding and challenging? Think again. You’ll help us reinvent protection and retirement to improve customers’ lives. We’ll help you make an impact with our training and mentoring offerings. Here, you’ll have the opportunity to expand and apply your skills in ways you never thought possible. And you’ll have fun doing it. Join a company of individuals with hopes, plans and passions, all using and developing our talents for good, at work and in life.

Job Description

Application Security Test Engineers are tasked to reuse and develop a security testing framework within the Allstate SDLCs, establish a software security testing assurance process, and work with product delivery teams to build applications securely from start to finish.

The Application Security Engineer will be responsible for integrating security testing into the development of Allstate’s applications. This role will work closely with the product and software development team to threat model, vulnerability scan, and penetration test the software early and identify required control points in the application stack. The Application Security Test Engineer will also work closely with developers to diagnose, document, and remediate application security vulnerabilities. The Application Security Test Engineer will also be responsible for evaluating, recommending, and implementing application security related software in an automated continuous integration/deployment environment. The Test Engineer Lead Consultant is a technical leader in the organization.

Job Description

  • Work closely with application development and platform teams to help formulate and implement a testing strategy for software security that is tailored to the specific risks facing the organization, including threat modeling and applications security advisement services.
  • Develop and maintain a balanced application security testing program based on a well-defined application security framework.
  • Conduct application security assessments/penetration tests and reuse tools for dynamic/automated code reviews.
  • Able to advise risks in the program and testing activities and also propose mitigation plans for encountered risks
  • Able to prioritize work around security testing based on business priorities and assign testing priorities accordingly
  • Continuously evaluate the organization’s existing application security practices, define and measure security-related activities, and demonstrating concrete improvements to the application assurance program within the organization.
  • Provide secure application development training to developers and provide guidance on the development of web-based training for ongoing awareness.
  • Conduct Application, API and penetration testing.
  • Work with Developers to Develop and maintain unit and integration tests designed to ensure security controls are tested on every build.
  • Partner with Allstate Security team to evaluate and perform Root cause analysis on Security Scan reports, understand what remedial actions are needed with development teams and ensure vulnerabilities are closed with highest priority and attention
  • Partner with Flight Product teams to work together on application, API testing and have Security tests run in parallel to ensure Dynamic testing is achieved from Security standpoint
  • Have Security test requirements embedded in the Product development lifecycle
  • Manage Security test engineers across geographies from delivery standpoint, responsible for delivery of Security testing for products and applications
  • Work with Security teams across Allstate to manage, execute and deliver on App Security, API Security and Penetration Security testing

Job Qualifications

• Bachelor’s Degree or equivalent in Computer Science, Information Systems Management, Information Technology, or other related discipline; advanced degree preferred.
• 5 years’ experience as an Application Security Engineer, Application Developer, Architect, Software Quality Assurance.
• Organized, responsive and highly thorough problem solver.
• Possess business acumen with ability to work with application development, QA and security teams.
• A good understanding of application security frameworks.
• Knowledge of the OWASP Top 10 and ASAP standards.
• Must have a good understanding of application security code reviews and penetration testing.
• Practical understanding and use of commercial application security tools.
• Strong self-starter who has the ability to operate independently.
• Has solid understanding and experience with establishing application security testing policies across an organization.
• Excellent oral/written presentation skills with ability to communicate effectively with Leadership; proficiency in preparation of presentations, reports, and documents regarding program status and performance.
• Understanding and Passion for Agile/XP/Scrum/Kanban.
• Understanding of Test Driven Development built on User Stories.
• Understanding of Continuous Integration/Testing/Delivery.
• Be a self starter and manage team member working on Security Testing
• Ability to present Security testing related updates and progress to Leadership
• Be an individual contributor executing Security scans from a technical standpoint

The candidate(s) offered this position will be required to submit to a background investigation, which includes a drug screen.

Good Work. Good Life. Good Hands®.

As a Fortune 100 company and industry leader, we provide a competitive salary – but that’s just the beginning. Our Total Rewards package also offers benefits like tuition assistance, medical and dental insurance, as well as a robust pension and 401(k). Plus, you’ll have access to a wide variety of programs to help you balance your work and personal life -- including a generous paid time off policy.

Learn more about life at Allstate. Connect with us on Twitter, Facebook, Instagram and LinkedIn or watch a video.

Allstate generally does not sponsor individuals for employment-based visas for this position.

Effective July 1, 2014, under Indiana House Enrolled Act (HEA) 1242, it is against public policy of the State of Indiana and a discriminatory practice for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component.

For jobs in San Francisco, please click "here" for information regarding the San Francisco Fair Chance Ordinance. 

For jobs in Los Angeles, please click "here" for information regarding the Los Angeles Fair Chance Initiative for Hiring Ordinance.

It is the policy of Allstate to employ the best qualified individuals available for all jobs without regard to race, color, religion, sex, age, national origin, sexual orientation, gender identity/gender expression, disability, and citizenship status as a veteran with a disability or veteran of the Vietnam Era.


Apply Now    
Link for schema