Senior Security Engineer
Company Summary
First American (India) is a GCC (Global Capability Center) of the First American Financial Corporation (NYSE: FAF) family of companies. FAI is a proud member of the FORTUNE 500 companies and has been on the Fortune 100 Best Companies to Work For® list for eight consecutive years. First American Financial Corporation provides comprehensive title insurance, closing/settlement, property data and technology solutions. First American (India) creates quality solutions for its customers by combining software, back office, and knowledge processing operations to fulfill First American's business requirements. Our priorities are our employees, customers, and shareholders - in that order. First American (India) has been ranked amongst India's Best Companies To Work For™ 2023: listed amongst the Top 100 by Great Place To Work® India, FAI is also certified as one of the Best Workplaces for Women and as a Workplace with Inclusive Practices. Software Services helps build First American's product suite, which encompasses best-in-class Title Insurance, Settlement and Mortgage solutions platforms. It leverages a technology product stack, predominantly on the Microsoft platform, to develop, enhance and maintain best-in-class applications. The R&D division delivers solutions for the title insurance industry leveraging the best of NLP, AI and ML.
Job Summary
Enterprise Application Security enhances the ability of the development organization to consistently deliver highly functional applications that are secure and resilient against attack by developing policies, processes, and tools to proactively embed security into First American developed applications.
This position, Senior Security Engineer - Application Security, is an individual contributor role in the secure software development process.
Responsibilities:
- Secure the SDLC and automate security analysis and scanning with SAST, DAST, SCA and other tooling.
- Perform and support manual penetration testing.
- Responsible for providing technical expertise on secure software development and support of all associated activities, processes, and tools for protecting technology-based information.
- Reviews, develops, tests, and implements security plans, products, and control techniques.
- Maintains awareness of security and technology trends and shares that knowledge with others.
- Mentor security champions in relevant development and IT functions
- Documents security policies and procedures where/when needed.
- Provides implementation support for risk assessment and data security procedures and products.
- Evaluates new and proposed security systems, products, and technologies.
- Reviews circumstances surrounding data security incidents and designs corrective actions.
- Contribute to security coding guidelines for different programming languages.
- Development experience and skills in C#, .NET, Java, Python, JavaScript, Node.js, etc.
- Proven capabilities in the analysis, design, development, and implementation using .NET Core, Web API, ASP.Net MVC, WCF, WinForms, WPF, SQL Server, Azure, AWS, etc.
- Strong understanding of, and working experience with, identifying OWASP Top 10 and SANS Top 25 vulnerabilities and guiding application teams in remediating them.
- Lead application security reviews and threat modeling, including code review and dynamic testing.
- Implementing software application security controls and designing technical solutions to address security weaknesses
- A good understanding of network and web-related protocols (such as TCP/IP, UDP, HTTP, and HTTPS).
- Lead in development of automated security testing to validate that secure coding best practices are being used.
- Strong understanding and experience with common security libraries, security controls, and common security flaws.
- Proactively identify and mitigate against application security risks or incidents.
- Raise awareness of application security requirements through development and review of application security standards, policies, and processes
- Ability to document and effectively communicate technical findings to developer teams and evangelize security practices.
Skills, Knowledge, and Experience:
- Bachelor’s degree in computer science engineering or related.
- 5+ years of IT experience.
- Experience with at least one Static Application Security Testing (SAST/DAST) tool (e.g., Checkmarx, HP Fortify SCA, Coverity, Veracode, FindBugs, or other), including its use, interpretation of report results, and support of the developer community in remediating verified code-associated security vulnerabilities. Product configuration and tuning experience is a plus.
- Professional experience with software application security, and its associated standards and practices
- Ability to perform manual penetration testing using industry-standard tools and techniques.
- Experience interpreting the results of Dynamic Application Security Testing (DAST) reports.
- Experience with a variety of assessment tools (e.g., Burp, Nessus, Qualys, SQLMap).
- Professional experience as a software application developer in a leading development language (e.g., C#, Java, .NET, C/C++, etc.), having performed web-based application development.
- Professional experience with securing web applications (e.g., understanding attack vectors, system or code vulnerabilities)
- Knowledge and understanding of secure SDLC (System Development Life Cycle) methodologies.
- Excellent verbal and written communication skills
- Experience in drafting application security coding standards.
- Ability to manage highly complex issues and negotiate solutions.
- Knowledge and understanding of application security threat management and mitigation.
- Application security experience with banking/financial services applications.
- Holds industry-renowned certifications such as CEH and/or similar certifications.
FAI is committed to creating an environment that respects, supports and inspires all individuals. We do not discriminate on the basis of color, religion, sex, gender identity, sexual orientation and age. At FAI, we celebrate diversity and believe that an inclusive workforce benefits employees, the organization and our community. We are an Equal Opportunity Employer. For more information about our company and dedication to putting People First, check out https://firstam.wd1.myworkdayjobs.com/faicareers.