Senior Application Security Engineer

Join a team that puts its People First! Since 1889, First American (NYSE: FAF) has believed in its people. We foster an environment where everyone feels welcome, supported, and empowered to innovate and reach their full potential. Our inclusive, people-first culture has earned numerous accolades, including being named to the Fortune 100 Best Companies to Work For list for ten consecutive years. We are committed to being a great place to work for all. For more information, visit www.careers.firstam.com.

The Security Engineer is responsible for providing operational security solutions to support IT and business initiatives. They collaborate with IT groups, client managers, business customers, third-party vendors, and auditors. The Security Engineer co-designs and operationalizes security solutions, which can be delegated to Security Analysts or support teams. Their scope includes technical and administrative controls to ensure the protection and availability of business and IT systems. The Security Architect defines the organization's security architecture and standards, creating risk-based priorities and developing secure frameworks and guidelines.

1. Application Security Strategy: Develop and maintain a comprehensive application security strategy aligned with business goals and regulatory requirements, using industry tools.
2. Security Assessments: Conduct security assessments, including SAST/DAST, penetration testing, and code reviews with tools like Veracode and Burp Suite. Collaborate with development teams to remediate vulnerabilities.
3. Risk Management: Identify and assess security risks, develop mitigation strategies, and ensure compliance with frameworks like OWASP, NIST, and ISO 27001.
4. Secure SDLC: Integrate security practices into the software development lifecycle. Provide guidance on secure coding, testing, and tools like GitHub and Jenkins.
5. Incident Response: Lead response efforts for security breaches, conduct root cause analysis, and implement corrective actions.
6. Security Tools and Technologies: Evaluate, implement, and manage security tools, staying updated on trends and threats.
7. Compliance: Ensure adherence to industry standards and regulations, and prepare documentation for audits.
8. Collaboration: Work with cross-functional teams to embed security into all phases of application development.
9. Mentorship: Guide junior team members and promote a culture of security awareness.

Education, Experience, Certifications:

• Bachelor's or Master's in Computer Science, Information Security, or related field.
• 8-10 years of experience in application security, preferably in a fintech environment.
• Certifications such as CISSP, CEH, OSCP, or CSSLP are highly desirable.
• Strong knowledge of application security principles, secure coding, and testing tools like Veracode and Burp Suite.
• Excellent analytical, communication, and leadership skills.
• Ability to adapt and work effectively in a fast-paced environment.

Salary Range: $146,200 - $182,700. Compensation is based on experience, skills, and location.

We embrace individuality and support diversity, equity, and inclusion. Our culture celebrates authenticity and inclusivity. First American is an equal opportunity employer and encourages you to bring your full self to work.

Note: For candidates working in unincorporated areas within Los Angeles County, additional considerations apply, including criminal history reviews in compliance with local laws.

Our benefits include medical, dental, vision, 401(k), PTO, sick leave, and an employee stock purchase plan.