Senior Application Security Specialist
Information Services - Information Security, Information Technology
Job ID 2022-12334
Primary Location: Johnston, Rhode Island
09/23/2022
More information about this job:
FM Global is a leading property insurer of the world's largest businesses, providing more than one-third of FORTUNE 1000-size companies with engineering-based risk management and property insurance solutions. FM Global helps clients maintain continuity in their business operations by drawing upon state-of-the-art loss-prevention engineering and research; risk management skills and support services; tailored risk transfer capabilities; and superior financial strength. To do so, we rely on a dynamic, culturally diverse group of employees, working in more than 100 countries, in a variety of challenging roles.
This position is open to candidates seeking remote opportunities who are comfortable with quarterly travel to Headquarters located in Johnston, RI.
The Vulnerability Management team is responsible for infrastructure vulnerability scanning, static application security testing (SAST), dynamic application security testing (DAST), software composition analysis (SCA) and penetration testing for applications. As we continue to invest in cyber security, our team is growing, and we are looking for an experienced and dedicated cyber professional whose main focus will be the administration of our application penetration testing program.
- Being a great partner to the penetration testing service provider
- Assurance of quality/efficiency of penetration testing services
- Working with internal stakeholders and partners to ensure and support their consumption of services
- Working with the Business to effectively communicate the risks of identified findings and support the selection of cost-effective security controls to mitigate identified risks.
- Staying abreast of attacker/adversary tactics and techniques (e.g. MITRE/OWASP) as well as best practices for secure development and system engineering
- Providing post-remediation analysis and validation, identifying opportunities for improvement, and applying out-of-the-box thinking to optimizations and resolving roadblocks
- Ensuring findings are presented in appropriate dashboards and reports
5+ years of demonstrated ability in information technology, security administration, business analysis, risk, audit, compliance, computer forensics, network perimeter security or other related field.
Experience working with vendors and resellers, handling vendor/reseller relationships, and bringing available resources to bear to solve problems or realize opportunities.
Experience managing/leading projects and ability to produce any vital artifacts.
- Strong verbal and written communication skills.
- Solid interpersonal skills.
- Ability to coordinate activities with team members and other stakeholders.
- Excellent customer service skills.
- Must have a good work ethic, great time management skills and a positive attitude.
- Ability to work independently or on a team.
- Ability to multi-task and change priorities with effective results.
- Solid understanding of at least one of the following areas: operating systems, databases, systems, networks, application development.
- Strong knowledge of computer vulnerabilities, hacker methodologies and other threats.
- Strong MS Excel and reporting skills required. Experience using PowerBI strongly preferred.
- Ability to leverage various trusted sources of information (articles, webinars, Internet, etc.) to gain accurate knowledge of current security threats, vulnerabilities, mitigating strategies to address them and then recommend and implement appropriate solutions for the FM Global organization.
- Basic understanding of REST APIs (GraphQL a plus)
- Ability to read and comprehend scripts for Postman, PowerShell, Thunder Client, etc.
Bachelor’s Degree in Information Security / Assurance, Computer Science, Information Technology, or a related field, or equivalent work experience or technical training with a non-related degree.
Related certifications such as PWAPT, GWAPT a plus.
IT Security Certifications such as Certified Vulnerability Assessor (CVA), CIPP (Certified Information Privacy Professional), CRISC (Certified in Risk and Information Systems Control), CISA (Certified Information System Auditor), CISSP (Certified Information Security Professional) or CISM (Certified Information Systems Manager) are a plus!
The salary range for this position is $91,400 to $131,300. The final salary offer will vary based on geographic location, individual education, skills, and experience. The position is eligible to participate in FM Global’s comprehensive Total Rewards program that includes an incentive plan, generous health and well-being programs, a 401(k) and pension plan, career development opportunities, tuition reimbursement, flexible work, time off allowances and much more.
FM Global is an Equal Opportunity Employer and is committed to attracting, developing, and retaining a diverse workforce.
Please note that all FM Global visitors, including external candidates interviewing for open positions, will be required to be vaccinated and should be prepared to provide proof of vaccination.