Senior Application Security Engineer

Join a team that puts its People First! Since 1889, First American (NYSE: FAF) has held an unwavering belief in its people. They are passionate about what they do, and we are equally passionate about fostering an environment where all feel welcome, supported, and empowered to be innovative and reach their full potential. Our inclusive, people-first culture has earned our company numerous accolades, including being named to the Fortune 100 Best Companies to Work For list for ten consecutive years. We have also earned awards as a best place to work for women, diversity, and LGBTQ+ employees, and have been included on more than 50 regional best places to work lists. First American will always strive to be a great place to work, for all. For more information, please visit www.careers.firstam.com.

Job Profile Summary: The Security Engineer is responsible for providing operational security solutions that enable the success of IT and business initiatives. The Security Engineer collaborates with IT groups, client managers, business customers, third parties, vendors, and auditors. They co-design (with Security Architect) and operationalize security solutions that can be delegated to Security Analysts or other support functions. The scope covers technical and administrative controls ensuring the protection and availability of business and IT systems. The Security Architect defines the organization's information security architecture, standards, and risk prioritization, coordinating design activities and developing secure frameworks, guidelines, and metrics aligned with security policies and strategies.

• Application Security Strategy: Develop, implement, and maintain a comprehensive application security strategy aligned with business goals and regulations, utilizing industry-leading tools.
• Security Assessments: Conduct security assessments (SAST/DAST, penetration testing, code reviews) using tools like Veracode and Burp Suite; collaborate with development teams to remediate vulnerabilities.
• Risk Management: Identify and assess security risks; develop mitigation strategies ensuring compliance with frameworks like OWASP, NIST, ISO 27001.
• Secure SDLC: Integrate security into the software development lifecycle; provide guidance and training on secure coding, testing, and tools such as GitHub and Jenkins.
• Incident Response: Lead response efforts for application security breaches; perform root cause analysis and implement corrective actions.
• Security Tools and Technologies: Evaluate, implement, and manage security tools; stay updated on security trends and threats.
• Compliance: Ensure adherence to industry standards and regulations; prepare documentation for audits.
• Collaboration: Work with cross-functional teams to embed security requirements throughout the application lifecycle.
• Mentorship: Mentor junior security team members; promote security awareness and continuous improvement.

• Education: Bachelor's or Master's in Computer Science, Information Security, or related field.
• Experience: 8-10 years in application security or related, with a proven record in securing complex fintech applications.
• Certifications: CISSP, CEH, OSCP, CSSLP preferred.
• Technical Skills: Deep knowledge of application security principles, secure coding, testing methodologies, and tools like Veracode, Burp Suite, GitHub, Jenkins.
• Analytical Skills: Strong problem-solving abilities to identify and mitigate risks.
• Communication: Excellent verbal and written skills for technical and non-technical audiences.
• Leadership: Experience leading security initiatives across teams.
• Adaptability: Ability to thrive in a fast-paced environment.
• Collaboration: Strong interpersonal skills for effective teamwork.

Salary Range: $146,200.00 - $182,700.00

This range is an estimate at posting time; pay depends on knowledge, skills, experience, business needs, and location.