Frontline Education

Senior Application Security Engineer

🇺🇸 Hybrid - Wayne, PA

🕑 Full-Time

💰 TBD

💻 Cybersecurity

🗓️ January 22nd, 2025

CI/CD FERPA ISO 27001

Edtech.com's Summary

Frontline Education is hiring a Senior Application Security Engineer. The role involves working with the security team to identify and address security weaknesses in cloud and web applications, while collaborating with various departments to implement secure development standards. You will also handle security incidents, conduct assessments, and lead efforts to integrate security into the Software Development Lifecycle.

Highlights
  • Main responsibilities include establishing security measures, collaborating with other teams, and addressing security incidents.
  • Proficiency with security tools such as SAST and DAST, and with security frameworks, is required.
  • Compensation includes a competitive base salary, target bonus plan, and outstanding benefits like unlimited PTO.
  • Requires at least 4 years of experience in application security or related fields.
  • Hands-on experience with application security tools like Snyk and Burp Suite is essential.
  • Must understand secure coding practices and be familiar with DevSecOps methodologies.
  • Benefits include career advancement opportunities and a supportive team environment.
  • Knowledge of industry-standard security frameworks such as NIST and ISO 27001 is important.

Senior Application Security Engineer Full Description

Senior Application Security Engineer
Hybrid to Wayne, PA or Remote

Description
Frontline Education is the leading provider of school administration software, empowering strategic K-12 leaders with the right tools, data, and insights to proactively manage human capital, business operations and special education. Educational organizations representing over 80,000 schools and millions of educators, administrators, and support personnel have partnered with Frontline Education in their efforts to develop the next generation of learners. Frontline is dedicated to driving engagement across K-12 school systems and supporting the continuous improvement of employee effectiveness and efficiency with solutions for proactive recruiting and hiring, absence and time, professional growth, student information systems, special education and interventions, payroll, benefits, and financial management.

The Role 
We are seeking a Senior Application Security Engineer for an exciting opportunity to be part of a security team in a growing company and evolving industry. This is a remote role with standard working hours aligned to Eastern Standard Time (EST). Flexibility is required, as you may occasionally need to work outside regular hours to address incidents or other critical needs. This role will report to the CISO and engage other stakeholders across the organization to drive change and promote security.

Our mission is broad, and our team is small, cooperative, and agile. We will look toward your unique skills to approach and solve problems in your own way. Whether engineering a system to address a technical security hurdle, protecting our customers' data, or consulting on a wide range of security topics, you are empowered to engage and lead cross-functionally. As Senior Application Security Engineer, you will lead our efforts to identify and address cloud and web application security weaknesses.

Responsibilities 
  • Assist the CISO in cultivating and maintaining a strong security culture within the organization by driving continuous improvement and achieving high standards in application security.
  • Establish, implement, and monitor security measures to protect the Frontline suite of applications while ensuring compliance with internal and regulatory standards such as ISO 27001, PCI, and SOC 2 requirements.
  • Collaborate with Product, Development, Core Engineering, Infrastructure, Corporate IT, and Cloud Operations teams to define secure development standards and implement application security best practices across web and mobile platforms.
  • Stay informed about emerging technologies and evolving security threats, applying this knowledge to enhance security measures and support ongoing development initiatives.
  • Develop and report metrics to measure the effectiveness of the application security program and identify areas for improvement.
  • Provide guidance for addressing emerging threats and mitigating vulnerabilities, including supporting technical audits and ensuring compliance with relevant standards and regulations.
  • Participate actively in the Security Incident Response Team to respond to, investigate, contain, and remediate security incidents, including computer-based attacks, unauthorized access, and policy breaches.
  • Conduct both manual and automated security assessments, including vulnerability assessments and penetration testing, to identify risks and prioritize remediation efforts.
  • Deploy and manage a range of security technologies, such as Web Application Firewalls (WAF), SAST/DAST/IAST, RASP, penetration testing tools like Burp Suite, and other threat detection systems.
  • Conduct and monitor Independent Validation and Verification (IV&V) testing for software applications and systems to ensure comprehensive security compliance.
  • Champion and lead efforts to integrate security into Continuous Integration, Continuous Testing, and Secure Software Development Lifecycle (SDLC) pipelines.
  • Engage cross-departmentally to respond to security incidents and provide remediation guidance as necessary, ensuring alignment with organizational policies and workflows.
  • Influence team culture by leading through example, mentoring junior team members, and fostering collaboration to enhance team cohesion and performance.
  • Handle on-call duties as needed to ensure round-the-clock readiness and response to security incidents.
  • Help set a positive tone within the team by offering support and guidance to drive individual growth and overall success.

Qualifications 
  • Bachelor’s degree or equivalent work experience in Computer Science or a related discipline.
  • At least 4 years of experience in application security or related fields such as penetration testing, secure software development, or vulnerability management.
  • Hands-on experience with application security tools, including SAST, DAST, and SCA solutions like Snyk, Tenable, Contrast, or Burp Suite.
  • Strong knowledge of secure coding practices and an understanding of common software vulnerabilities such as those outlined in the OWASP Top 10 and CWE/SANS Top 25.
  • Familiarity with DevSecOps methodologies and the integration of security into CI/CD pipelines using tools like GitLab, Jenkins, or Azure DevOps.
  • Understanding of industry-standard security frameworks and guidelines, including NIST, ISO 27001, and SOC 2.
  • Knowledge of regulatory requirements and compliance standards such as FERPA, HIPAA, and SOX.
  • Experience with security frameworks like OWASP SAMM, BSIMM, or the NIST Cybersecurity Framework.
  • Understanding of cloud security principles for platforms like AWS, Azure, or Google Cloud.
  • Proven expertise in securing large-scale AWS deployments, including knowledge of threats and risks specific to modern cloud environments and best practices for addressing those risks in the AWS cloud.
  • Experience in identifying, analyzing, and resolving vulnerabilities in web applications, APIs, and mobile applications.
  • Capability to conduct threat modeling and perform risk assessments effectively.
 
Who we are:  
We're a group of unique and talented individuals that love what we do. We've been lucky enough to land jobs with a rapidly growing tech company that supports an appreciative and friendly customer base. We work hard to make our customers happy, but we like to have a good time in the process.
We are a company that strives to think in terms of “we” instead of “me.” We believe in the philosophy of servant leadership and that it’s all about putting others first. We also value the balance between family and work.  

Our company growth has created a promising environment for career advancement and rewarding challenges. We offer a competitive compensation package including a base salary, target bonus plan and stellar benefits including unlimited PTO. 

Frontline Education Vision:  
A connected future for school administration that enables every leader, teacher, and student to thrive.

Frontline Education Mission: 
Partnering with the education community by providing innovative technology and best practices to empower K-12 schools in their pursuit of excellence.

Frontline Education is an equal opportunity/affirmative action employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability status, protected veteran status or any other characteristic protected by law.