Sr Principal Application Security Engineer
Areas of Interest
Digital & Technology/Information Technology
Remote - US - Remote - US - United States of America
The mission of the individual in this role is to leverage their strong understanding of enterprise-level knowledge and/or expert knowledge to mitigate cyber security risk through the strategic development and implementation of Security Champion and Product Security Engineering programs . They will actively work with the CBRE business, Digital & Technology and other partner organizations (Compliance, Risk Mgmt., Audit, & Legal) to seamlessly integrate security processes, tools, and people into the business culture providing a holistic security ecosystem, driving continuous improvements and seamless protection / monitoring capabilities globally. Leads and executes on complex initiatives that drive problem resolution. As a senior member on the team, this individual will work with progressive development teams with a mindset toward being agile and solving problems iteratively.
Experience in all skills listed is not necessary to be qualified for the position. If you have relevant similar experience, we still want to talk to you.
Essential Duties and Responsibilities
Be a broker of security, being able to sell the benefits of security, while being mindful of the needs of development teams all over the world
Evaluate existing Security Champions program to identify areas for improvement and change
Establish approaches for identifying new Security Champions and evaluating Champion growth and impact
Define strategic approach for to increase the reach of application security within the organization through development of a new Product Security Engineer program.
Understand the concepts of assessing risk, rather than just saying No. Be able to find a way to make development teams successful, while still ensuring secure practices
Configuring, and administrating technologies for our product teams including SAST, DAST, OSA, secrets management, etc...
Help software development teams to understand, and remediate security findings
Work with development teams throughout the entire SDLC to ensure code is secure by design, and all the way through production deployment.
Assist in development of internal security policies, procedures, and guidelines
Be able to quickly come up to speed on new and emerging technologies/cloud services, and understand how to establish at least a baseline of security for them
Have well founded opinions and be willing to express your disagreement when something doesn't pass the smell test for you.
Other duties as assigned
Shape the direction of the program team moving forward. May provide formal supervision to individual employees within single functional or operational area. Recommends staff recruitment, selection, corrective action and termination. Prepares and delivers performance appraisal for staff. Mentors and coaches team members to further develop competencies. Leads by example and models behaviors that are consistent with the company's values.
Education and Experience
Previous experience developing and/or running a Security Champions program
Advanced understanding of DevOps practices, and CICD pipelines
Advanced understanding of application security testing tools for SAST, DAST, OSA, etc.
Advanced experience with either AWS or Azure
Strong experience with containers and orchestration platforms (Kubernetes, Mesos, etc.)
Strong experience with Kubernetes as well as managed deployments such as EKS and AKS
Strong experience integrating application security into Agile teams
Strong experience in threat modeling
Intermediate knowledge of Infrastructure as Code (Terraform, Ansible, etc.)
Bachelor's degree (BA/BS) in a related field of work
o or equivalent combination of education and experience (equivalent work experience = 2 years of related experience for every year of higher-level education).
Other Skills and/or Abilities
Experience with GCP or AliCloud security capabilities
Understanding of modern software development practices
Ability to comprehend, analyze, and interpret the most complex business documents. Ability to respond effectively to the most sensitive issues. Ability to write reports, manuals, speeches and articles using distinctive style. Ability to make effective and persuasive presentations on complex topics to employees, clients, top management and/or public groups. Ability to motivate and negotiate effectively with key employees, and management to take desired action.
Ability to solve advanced problems and deal with a variety of options in complex situations. Requires expert level analytical and quantitative skills with proven experience in developing strategic solutions for a growing matrix-based multi-industry sales environment. Draws upon the analysis of others and makes recommendations that have a direct impact on the company.
CBRE is an equal opportunity/affirmative action employer with a long-standing commitment to providing equal employment opportunity to all qualified applicants regardless of race, color, religion, national origin, sex, sexual orientation, gender identity, pregnancy, age, citizenship, marital status, disability, veteran status, political belief, or any other basis protected by applicable law.
NOTE: An additional requirement for this role is the ability to comply with COVID-19 health and safety protocols, including COVID-19 vaccination proof and/or rigorous testing.
CBRE, Inc. is an Equal Opportunity and Affirmative Action Employer (Women/Minorities/Persons with Disabilities/US Veterans)