Application Security Admin 3
Employment Type: Full-Time
Build your future, while protecting theirs.
You will be challenged. Rewarded. And valued for your unique experience, background and perspective. Join a team where hard work pays off and original thinking is celebrated. As you build your future at Westfield, you will quickly learn that protecting our customers' future is at the heart of what we do. We deliver on our promise to help restore lives and rebuild businesses when the unexpected happens. Building relationships has been part of our culture since 1848.
Be a part of a team that recognizes and appreciates those who take initiative, seek opportunity, and strive for innovation in a changing world. Westfield's IT organization is focused on enabling the company's strategic priorities in collaboration with our business partners. We continue to transform and evolve with the business as we deliver new solutions to meet their needs. We leverage a mix of building new solutions using trailblazing new technologies and integration with top industry software products. Our innovative work is made possible by the stability of a company with a 170+ year history.
Application Security Admin 3 Job Summary
Location: Westfield Center, OH Home Office
Salary Range: $106,881 - $138,945
The Application Security Administrator 3 is a hands-on role that works closely with application development and support teams to implement application security best practices, perform complex software reviews, conduct security testing and identify/remediate complex application security vulnerabilities for the enterprise. The Application Security Administrator 3 works within project teams to architect application security solutions. The Application Security Administrator provides leadership and technical guidance, as well as serving as a peer mentor and subject matter expert, to less experienced Application Security Administrators, other team members, and delivery associated with existing applications or projects. The Application Security Administrator 3 is accountable for asset ownership for the suite of single sign on security tools and other identity federation technologies.
Essential Functions (primary functions and/or reasons the job exists in order of importance)
* Works in a production support and/or project team environment to provide advanced systems administrative support for the installed web application security, single sign on and identity federation tools.
* Architects security solutions for internally built applications and vendor applications to allow for secure exchange of business data and identity.
* Investigates/troubleshoots/remediates user-to-system and system-to-system access for Westfield's web-based application environment.
* Serves in a hands-on role that works closely with application development and support teams to implement application security best practices, perform complex software reviews, conduct security testing and identify/remediate complex application security vulnerabilities for the enterprise.
* Coaches and mentors other Application Security Administrators, team members, and delivery associated with existing applications or projects. Provides technical guidance to other Application Security Administrators, other groups, projects and other work efforts.
* Works with application teams to integrate and support applications utilizing supported security technologies and established design patterns.
* Leads the coordination of routine maintenance for application security software to include quarterly patches and software upgrades following Westfield's standard change management best practice.
* Organizes business continuity activities for the team and ensures security standards are met.
* Leads process and/or system improvement activities with the immediate team and/or group.
* Monitors work queues and assigns work to team members.
* Provides a high level of personal integrity, reflecting the appropriate level of judgment as it pertains to security with the ability to professionally handle confidential matters.
* Serves as a subject matter expert for application security, single sign-on and identity federation, leading coordination of system tuning, load testing, and capacity planning.
* Provides feedback to leadership on a variety of issues including team member contributions.
* Participates in required rotational on-call 24x7 support for off shift, weekends and holidays, as needed.
* Travels occasionally in order to participate in special assignments, training, and/or travel between office locations.
Desired Qualifications/Experience/Certification/Education (in order of importance)
* 7+ years of IT experience.
* 2+ years of experience with Enterprise LDAP systems and/or integration tools.
* Experience in web or mobile application security.
* Experience implementing and engineering application security policies and standards (e.g. Web Services, SSO, LDAP, and Federation).
* Experience with web application security, single sign-on and identity federation tools (e.g. IBM Security Access Manager, Federated Identity Manager, WebSEAL, SecureAuth, Ping Identity, Oracle Enterprise Single Sign-On, and CA SiteMinder).
* Experience with web services (e.g. REST, SOAP).
* Experience leading and coordinating enterprise-wide infrastructure projects as they relate to application security.
* Knowledge of Enterprise Operating Systems (Linux, Windows) and web application platforms such as WebSphere Application Server.
* Experience working on high-risk and complex integrated assignments.
* Experience mentoring, coaching, motivating, and positively influencing others.
* Demonstrates strong analysis skills necessary to handle all aspects of tasks required, including analytical, problem-solving, and information-gathering skills.
* Knowledge of cloud-based infrastructures and how they affect security needs.
* Experience in maintaining application infrastructure: software upgrades, patches, migrations, etc.
* Understanding of cryptographic processes (key management, seeding and PKI).
* Demonstrated knowledge of information security principles and standards, web applications and a level of familiarity with malicious code and common techniques used by hackers.
* Excellent oral and written communication skills and the ability to self-manage.
* Bachelor's degree in Computer Science, Information Systems, or related field OR commensurate work experience.
* Valid driver's license and a driving record that conforms to company standards.
Physical Requirements (specific to the role)
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.
* Ability to work effectively in an office environment for 40+ hours per week (including sitting, standing, and working on a computer for extended periods of time).
* Ability to communicate effectively in a collaborative work environment utilizing various technologies such as: telephone, computer, web, voice, teleconferencing, e-mail, etc.
* Ability to travel as required.
* Ability to operate an automobile within the parameters of the driving policy.
* Required rotational on-call support.
This job description describes the general nature and level of work performed in this role. It is not intended to be an exhaustive list of all duties, skills, responsibilities, knowledge, etc. These may be subject to change and additional functions may be assigned as needed by management.