Product Security Engineer - (hybrid or remote)

Apply now »

Date Opened: Sep 16, 2023

Location: Belfast, Northern Ireland, GB

Company: Allstate Insurance Company

About Us

 

The world isn’t standing still, and neither is Allstate. We’re moving quickly, looking across our businesses and brands and taking bold steps to better serve customers’ evolving needs. That’s why now is an exciting time to join our team. You’ll have opportunities to take risks, challenge the status quo and shape the future for the greater good.

 

You’ll do all this in an environment of excellence and the highest ethical standards – a place where values such as integrity, inclusive diversity and accountability are paramount. We empower every employee to lead, drive change and give back where they work and live. Our people are our greatest strength, and we work as one team in service of our customers and communities.

 

Allstate operate a very flexible hybrid working policy that will allow you to design your working week in collaboration with your manager with a blend of remote and office working for NI based employees as well as condensed working patterns (4 day week/9 day fortnight). Employees based in GB will be employed on a permanent remote working contract.

 

Join our team and you’ll find challenge and reward in a culture of innovation, support and balance. 

 

 

 

Location

 

 

Northern Ireland/ Remote, GB

 

 

 

 

Your role in the team

 

Allstate Enterprise Solutions (AES) team is embarking on a journey to integrate security inside the software development lifecycle. 

 

Product Security is tasked to develop a security framework within the Allstate SDLCs, establish a software security assurance process, and work with product delivery teams to build applications securely from start to finish. 

 

The Product Security Engineer will be responsible for integrating security into the development of Allstate’s applications. The Product Security Engineer will work closely with the product and software development team to threat model and vulnerability scan the early software, system, and network architecture and identify required control points in the application stack. The Product Security Engineer will also work closely with developers to diagnose, document, and remediate application security vulnerabilities. The Product Security Engineer will also be responsible for evaluating, recommending, and implementing application security related software in an automated continuous integration/deployment environment. 

 

 

 

 

Responsibilities

 

  • Work closely with application development and platform teams to help formulate and implement a strategy for software security that is tailored to the specific risks facing the organization, including threat modeling and applications security advisement services. 
  • Develop and maintain a balanced application security program based on a well-defined application security framework 
  • Conduct application security assessments and implement tools for dynamic/automated code reviews 
  • Ensure application design and implementation best-practice with role-based and appropriate access standards, as well as integration with Identity and Access Management environments. 
  • Ensure compliance with society, regulatory, and industry standards for application security. 
  • Continuously evaluate the organization’s existing application security practices, define and measure security-related activities, and demonstrating concrete improvements to the application assurance program within the organization. 
  • Provide secure application development training to developers and provide guidance on the development of web-based training for ongoing awareness. 
  • Conduct code reviews 
  • Develop and maintain unit and integration tests designed to ensure security controls are tested on every build 

 

 

 

 

 

 

So, what are the essential criteria to apply?

 

  • All candidates must evidence an existing right to work in the UK'
  • Bachelor’s degree or relevant post-secondary education 
  • 5+ years’ experience in a software development field such as Software Developer, Architect, Software Quality Assurance, or Application Security Engineer 
  • Experienced in at least one of the following development languages:  C#, C++, Java, .NET, Node.js, or Python 
  • Proficient in application architectural patterns, such as MVC, Microservices, Event-driven etc. 

 

 

 

 

 

We also have some desirable criteria

 

  • Knowledge of the OWASP Top 10 
  • Proficiency in preparation of presentations, analytical reports, and documents regarding program operational status, achievement, and performance. 
  • Understanding of Agile/XP/Scrum/Kanban 
  • Understanding of Test Driven Development built on User Stories 
  • Understanding of Continuous Integration/Testing/Delivery/CI/CD 
  • Familiarity with cloud architecture and services, such as AWS. 
  • Familiarity with Metasploit, Burp Suite, Fuzzing, and Jenkins is preferred. 
  • Familiarity with code reviews and penetration testing preferred. 
  • OSCP, OSCE, OSWE, CEH, or GWAPT Certifications are a major plus.    

 

 

What we offer

 

As Digital DNA’s Workplace of the Year 2020 & 2022 winners, we offer a generous benefits package that includes flexible annual leave entitlement, dental and healthcare insurance, an attractive pension package and discounts on gym memberships, public transport and parking.

 

Allstate invests heavily in your development, as an employee you will have access to multiple world-class learning platforms and courses from our award-winning in-house Learning & Development team.

 

We pride ourselves in providing clear career paths and opportunities for internal mobility allowing you to further develop within the organisation.

 

We encourage a better work life balance and you’ll have the opportunity to apply for various flexible working arrangements.

 

 

Statement on Fair Employment and Equal Opportunities

 

Allstate NI wishes to ensure equal opportunity is given to all job applicants.  This company will not discriminate on the grounds of race, gender (including gender reassignment status), sexual orientation, religious belief, political opinion, marital status, age or disability.

 

We are an equal opportunities employer. We welcome applications from all suitably qualified persons. However, as women are currently under-represented in our workforce, we would particularly welcome applications from women. All appointments will be made on merit.

 

Applicants should note Allstate NI complete AccessNI background checks on all candidates offered a position.

 

 

The closing date for receipt of applications is Thursday 28th September 2023

 

#LI-Remote

#LI-SP1