Job Details

Since these are all work from home, freelance, contract and telecommute jobs, you can be based anywhere and still apply, providing you meet the employer's requirements. However, there are times when the employer will ask for applicants from a specific location; this will be clearly stated in the job posting below.

Title: Sr. Application Security Engineer
Date Posted: 2018-02-13
Location: United States
More than a century ago, the College Board was born of a big idea: preserve American democracy through an admission process emphasizing merit over privilege. Over the years our organization has grown in an effort to support the millions of students who seek access to higher education in pursuit of their life's goals. Each and every year we are empowered to provide the best possible tools and assessments to help guide those students in achieving those goals. With technology as an essential service, managing and maintaining the integrity and protection of student, family and assessment data is paramount.

Our Information Security team owns security for all of the major programs, products and services we offer. We solve security challenges on a massive scale and we are looking for highly intelligent software security professionals to join us and help continue to raise the security bar for our organization. You should be someone who thrives on complex challenges, looks at how systems software is built, finds the best way to break it and then rebuilds it so it can't be broken again. You should be passionate about protecting data because so many families and universities depend on us.

At The College Board, we believe insight and innovation are core to who we are. We don't aspire to the status quo. We are building software and platforms that millions of people rely on. We need Engineers who are excited by that mission and want to shape it every day.

If you are a software engineer who has worked in an Agile environment and you have a passion for security, come join our team!

Essential Functions and Responsibilities for this position

- Mentors developers, through discussions, presentations and pair-programming, to demonstrate best practices in developing secure code.
- Analysis of application architectures and security patterns
- Develops threat models in conjunction with architects and software engineering staff.
- Implements security tooling and supports common integrated development environments.
- Participates in and/or leads application vulnerability reviews and remediations.
- Act as a liaison between software engineers and the Information Security Office.
- Documents and communicates application risks and vulnerabilities to technical stakeholders.
- Communicates expertise across teams via discussions, presentations, etc.
- Participates in team sprints, works with developers to aid in authoring secure code.
- Supports CI/CD and build pipelines with an understanding of quality and security gates.
- Performs/participates in architectural reviews that are meant to identify and remedy architectural security flaws.
- Identifies application security weaknesses and provides recommendations to correct them.
- Develops and maintains a sandbox for exploit testing and proof of concept, to better demonstrate vulnerabilities and their impact to commonly used frameworks.
- Provides risk assessments and recommendations to management; works with the broader ISO team on incident response and operational/strategic initiatives.
- Responsible for the use of security-related code analysis tools and takes the lead on tuning, enhancements, upgrades, and tool integration.
- Evaluates and promotes new and existing security standards, tools, and solutions.


- Bachelor's Degree in a related field plus additional related college courses or professional training and four to seven years of progressively responsible, directly related, experience required.
- One or more security certifications or a CISSP certification would be ideal


- Knowledge of secure development principles.
- Must have strong knowledge in web application development.
- Must have a thorough understanding of web protocols (TCP/IP, UDP, HTTP, HTTPS, SSL, TLS, etc.).
- Protocol analysis and forensic analysis experience is a plus.
- Experience with various programming languages (Java, C#, Python, PHP, JavaScript, etc.).
- Experience with IBM AppScan Source Edition, IBM AppScan Standard, and/or HP Fortify is a plus.
- Experience with the following source code repositories is a plus: SVN, GIT, IBM ClearCase.
- Knowledge of common vulnerabilities such as cross-site scripting (XSS), session hijacking, SQL injection, CSRF (Cross-Site Request Forgery), OWASP Top 10, and other attack vectors.
- Understanding of modern software engineering principles and practices as well as modern/Web 2.0/3.0 tools and frameworks.
- Familiar with common frameworks, spanning frontend and backend (Angular, Bootstrap, Node, Struts, Spring, .NET MVC, etc.).
- Experience with RESTful web services.
- Experience with Web Application Firewall (WAF).
- Experience with microservices architectures.
- Experience with AWS and familiar with AWS services, components and common architecture patterns.
- Familiar with AWS cloud architecture security.
- Web Application Firewall technologies (WAF)
- Vendor SaaS and PaaS security products such as WhiteHat Sentinel
- DevOps experience and CI/CD model
- SonarQube
- Windows and/or Linux hardening techniques
- Docker hardening techniques
- Traffic and log analysis from a security perspective
- Familiar with AWS services, components and common architecture patterns
- Familiar with OWASP/SANS application vulnerabilities
- Experience with development code reviews
- Experience with Web and Application servers such as IIS, Apache, Tomcat and Weblogic
- Ability to travel when required.

This position may be subject to a background check.

The College Board is dedicated to the principle of equal opportunity and its programs, services and employment policies are guided by that principle.


We offer our employees an outstanding benefits package which includes 4 weeks of paid time off, a generous retirement plan, tuition reimbursement and ongoing professional development and training.


The College Board's mission is to connect students to college success and opportunity. We are a not-for-profit membership organization committed to excellence and equity in education. Among our best-known products are the SAT®, PSAT/NMSQT®, and Advanced Placement Program®.

The College Board is committed to diversity in the workplace and is an Equal Opportunity Employer. The College Board participates in E-Verify, a service of DHS and SSA, where required. Please understand that only qualified applicants will be contacted.

Apply via this link only:

keywords: application security engineer, senior application security engineer


Company: The College Board
Contact person: Not mentioned
Contact information: info@collegeboard.org (DO NOT APPLY VIA THIS EMAIL ADDRESS)