Wednesday, September 27 2023

MetLife Employment – Specialist

Website MetLife

Job Description:

Application Security plays a critical role in ensuring the security of MetLife’s application assets while protecting customer and MetLife data, and is a top area of focus at MetLife. As part of the Application Security team, we are responsible for supporting cybersecurity globally by helping the application development (AD) teams through the entire AppSec program. This involves continuous and rigorous monitoring and testing of in-scope applications to identify security threats and vulnerabilities that may be exploitable, and accordingly remediating, mitigating, or accepting the risk as per MetLife Application Security policy and control standards.

Job Responsibilities:

  • Deploy and operationalize Runtime Application Self Protection (RASP) technologies
  • Integrating threat modeling practices into the product life cycle
  • Use testing methods to pinpoint ways that attackers could exploit weaknesses in security systems
  • Integrating security tools, standards, and processes into the product life cycle (PLC)
  • Providing manual penetration testing and standards gap analysis services to internal business and technology partners
  • Perform Web and Mobile Application Ethical Hacking, threat assessments, Web Services penetration testing (RESTful and SOAP) using both automated and manual techniques
  • Managing annual penetration testing services, including both expert consulting and managed services
  • Providing security requirements for test‐driven design
  • Perform security tests on cloud networks, web-based applications/mobile-applications (Android & iOS)
  • Maintain knowledge of adversary Tactics, Techniques and Procedures (TTP), assess critical cybersecurity incidents and review detective/preventive controls across each stage of the Cyber Kill Chain
  • Improving and supporting application security tool deployments including Static Analysis and runtime testing tools
  • Implement Application/Website inventory controls to support continuous monitoring of MetLife’s attack surface, identify threats, prioritize remediation, and report potential risks to the organization
  • Supporting the incident response and architecture review processes whenever application security expertise is needed
  • Managing application framework and perimeter security improvement projects
  • Supporting Vendor Security activities to ensure 3rd‐party software and development meets MetLife security standards
  • Producing metrics reporting the state of application security
  • Ensuring that developers and QA personnel are trained with the appropriate level of security knowledge to perform their daily activities
  • Improving and maintaining secure development standards
  • Scanning Internet & Intranet accessible applications – SAST & DAST scans

Job Requirements:

  • Participation in the daily planning, tracking, scheduling and execution of deliverables, management activities
  • IDS/IPS, penetration and vulnerability testing
  • Deliver client engagements in Application Security and Vulnerability Assessment/Penetration Testing
  • C, C++, C#, Java or PHP programming languages (preferred)
  • Exposure to IT Archer Findings
  • Must possess problem-solving, planning, and analytical skills to drive continuous improvements
  • SAST, DAST, BurpSuite, Cyberpion, Signal Sciences scanning
  • ISO 27001/27002, ITIL and COBIT frameworks
  • Knowledge of Databases, Networks, Hardware, Firewalls and Encryption
  • Exposure to enterprise SharePoint
  • Write and maintain technical documentation including design docs, test plans, project plans, procedures, incident reports and troubleshooting guides
  • Intermediate MS Office skills
  • Application security and encryption technologies
  • Serve as the subject matter expert on a number of security technologies and security-centric standardizations
  • Secure coding practices, ethical hacking and threat modeling
  • Should have excellent understanding of common Web Application vulnerabilities like SQLi, XSS, CSRF, and HTTP Flooding
  • Windows, UNIX and Linux operating systems

Qualification & Experience:

  • Bachelor’s degree in Computer Science, Cyber Security or a related field
  • 8 years of overall industry experience with minimum 7 years of experience in Application Security field
  • Good experience in conducting Application level testing (SAST/DAST/AEH)
  • Certified/Experience with Veracode, BurpSuite, Cyberpion, Signal Sciences, Nessus, NMap, etc. (preferably BurpSuite and Veracode SAST/DAST testing experience)
  • IT Graduate
  • Certifications – CIISP, GIAC Penetration Tester (GPEN), GIAC Certified Incident Handler (GCIH), GIAC Certified Forensics Analyst (GCFA), Certified Ethical Hacker (CEH), Offensive Security OSCP, OSWE or OSCE certifications preferred

Job Details:

Company: MetLife

Vacancy Type: Full Time

Job Location: Evansville, IN, US

Application Deadline: N/A
