Senior Application Security Engineer

Join a team that puts its People First! Since 1889, First American (NYSE: FAF) has held an unwavering belief in its people. They are passionate about what they do, and we are equally passionate about fostering an environment where all feel welcome, supported, and empowered to be innovative and reach their full potential. Our inclusive, people-first culture has earned our company numerous accolades, including being named to the Fortune 100 Best Companies to Work For list for ten consecutive years. We have also earned awards as a best place to work for women, diversity, and LGBTQ+ employees, and have been included on more than 50 regional best places to work lists. First American will always strive to be a great place to work, for all. For more information, please visit www.careers.firstam.com.

What We Do

The Security Engineer is responsible for providing operational security solutions that enable the success of IT and business initiatives. They interface with IT groups, client managers, business customers, third parties, vendors, and auditors. The Security Engineer co-designs and operationalizes security solutions in collaboration with the Security Architect, and these solutions can be delegated to Security Analysts or other support functions. The scope includes technical and administrative controls to protect and ensure the availability of business and IT systems. The Security Architect defines the organization's information security architecture, standards, and risk prioritization, coordinating design activities and developing secure frameworks, guidelines, and metrics to support a secure environment aligned with security policies and strategy.

What You'll Do

• Application Security Strategy: Develop and maintain a comprehensive security strategy aligned with business goals and regulatory requirements, utilizing industry-leading tools.
• Security Assessments: Conduct security assessments including SAST/DAST, penetration testing, and code reviews with tools like Veracode and Burp Suite. Collaborate with development teams to remediate issues.
• Risk Management: Identify and assess security risks, develop mitigation strategies, and ensure compliance with frameworks such as OWASP, NIST, and ISO 27001.
• Secure SDLC: Integrate security into the software development lifecycle, providing guidance and training on secure coding, testing, and using tools like GitHub and Jenkins.
• Incident Response: Lead incident response efforts, conduct root cause analysis, and implement corrective actions.
• Security Tools and Technologies: Evaluate, implement, and manage security tools, staying updated on trends and threats.
• Compliance: Ensure adherence to industry standards and regulations, preparing documentation for audits.
• Collaboration: Work with cross-functional teams to embed security requirements throughout the application lifecycle.
• Mentorship: Guide junior team members and promote a culture of security awareness.

What You'll Bring

• Education: Bachelor's or Master's in Computer Science, Information Security, or related field.
• Experience: 8-10 years in application security, with a track record in fintech environments.
• Certifications: CISSP, CEH, OSCP, CSSLP preferred.
• Technical Skills: Deep knowledge of application security, secure coding, testing tools like Veracode, Burp Suite, and development environments such as GitHub and Jenkins.
• Analytical Skills: Strong problem-solving abilities.
• Communication: Excellent verbal and written skills for diverse audiences.
• Leadership: Proven ability to lead security initiatives.
• Adaptability and Collaboration: Ability to work in fast-paced settings and build effective relationships.

Salary Range: $146,200 - $182,700

This range is an estimate and actual pay will depend on various factors including experience, skills, and location.

What We Offer

We embrace individuality and support diversity, equity, and inclusion. Our People First Culture celebrates your unique self. We are an equal opportunity employer.

Note: For candidates working in unincorporated areas within Los Angeles County, additional employment considerations apply, including criminal history review policies.

We offer a comprehensive benefits package including health insurance, 401k, PTO, and stock purchase plans.