W. W. Norton & Company, Inc.
Application Security Engineer- Job Type: Full Time
- Industry Type: IT Sector
- Industry Location: Remote
- Experience: NA
- No. of Positions: 1
- Primary Skills: Vulnerability scanning React.js Networking Node.js IaaS Information security DevOps
- Secondary Skills: Cloud IT Load balancing HTTP FIT
- Job Location: Remote, Remote
- Posted Date: Posted today
Job Description
While known for being the nation’s largest independent, employee-owned book publishing firm, W. W. Norton also has a growing list of digital applications that serve students, instructors, and general readers. The Application Security Engineer will join a team of UX designers, software engineers, project managers, and business analysts to create exceptional products. The person will report to the Director of DevOps and Information Security.
At Norton we believe that software engineering is a creative and collaborative endeavor. Our goal is to build happy, productive teams and processes to deliver quality products that delight W. W. Norton's customers. The Application Security Engineer will be responsible for the security hardening and data protection of W. W. Norton’s e-commerce sites and digital products. This is a hands-on technical position that requires deep technical knowledge and interpersonal communication skills.
If you come into this role, then you will be accountable for the security of digital products deployed by W. W. Norton. You will contribute to architecting solutions and to the adoption of software development best practices. You will also work with the company's IT team to ensure that our digital products conform to the company's policies and responsibilities.
You will be a good fit for this role if you have a solid background in modern enterprise-class application development using NodeJS, React, or other similar frameworks. You will need an ability to master new/emerging technologies, take initiative to offer technical direction and deliver results.
Essential Job Responsibilities Include:
- Review security reports and propose solutions
- Respond to security questionnaires from partners
- Perform static and dynamic analysis of software projects; take steps to automate this type of analysis
- Review application and cloud infrastructure settings and propose actions to strengthen security
- Monitor security dashboards for incidents
- Manage log analytics tools, review and implement tools to fill in gaps
- Prepare incident response plans and training exercises
- Work with Sonarqube or a similar code quality tools
- Utilize Dependency Check or similar software composition analysis tool
- Keep up on threats, industry trends
- Propose actions to make our products better for customers from a security perspective
Experience and Skills:
- 5 years of hands-on professional software development experience
- BS (or equivalent) in Computer Science or related discipline
- Employment eligibility to work with W.W. Norton & Company in the US is required
- Clear understanding of HTTP and browser security concepts such as content security policies, HSTS, and cookie security settings
- Familiar with vulnerability scanners such as FindBugs or VirusTotal
- Experience with a security information and event management tool (preferred)
- Knowledge of load balancer functionality in from cloud providers and web servers (preferred)
- Understanding of cloud networking concepts such as VPCs, security groups and routes (preferred)