Jobs
>
Houston

    Senior Application Security Engineer - Houston, United States - American International Group

    American International Group
    American International Group Houston, United States

    3 weeks ago

    Default job background
    Description
    Senior Application Security Engineer page is loaded

    Senior Application Security Engineer

    Postuler

    locations

    200 South College Street, Charlotte, NC

    TX-Houston

    time type

    Full time

    posted on

    Offre publiée il y a 22 jours

    job requisition id


    JR
    Who we are

    American International Group, Inc. (AIG) is a leading global insurance organization. AIG member companies provide a wide range of property casualty insurance in approximately 70 countries and jurisdictions. These diverse offerings include products and services that help businesses and individuals protect their assets and manage risks.

    We're also committed to making a positive difference for our colleagues and in the communities where we work and live.

    We encourage colleagues to give back to the causes they care most about, supporting these efforts through our Volunteer Time Off and Matching Grants Programs.

    Get to know the business
    At AIG, technology is at the heart of everything we do, from underwriting risks to processing claims.

    The Information Technology team equips our employees with the latest tools to complete their work efficiently and with the highest standards of excellence.

    The team is responsible for shielding the company's systems from security risks, while designing technology strategies that enable AIG's businesses to achieve their goals.

    AIG's Information Technology functions include application development and management, enterprise architecture, and technology risk and compliance.
    About the role


    The Senior Application Security Engineer will be responsible for supporting efforts to reduce API security risk within AIG by discovering, managing, monitoring, and reporting on API security vulnerabilities, advising the business and application teams as a senior Subject Matter Expert (SME) to enhance the security posture of the DevSecOps pipeline.

    The API Security SME will work with the business application teams and other technical teams to review existing and new APIs, web services in support of security control implementations that align with information security policies and standards.


    The person hired for this API security engineering position will be responsible for establishing and executing the API security testing program using various API pentest tools & manual methodologies.

    This role will require strong interaction with application developers to collect application detail, perform API security testing, report security vulnerabilities, and recommend remediation of API security vulnerabilities.

    The individual should possess strong API and traditional web application penetration testing expertise, excellent communication, and organizational skills. Web application testing, penetration testing, OWASP, prior scripting/coding experience is a plus.

    The scope of the duties includes researching security weaknesses within the APIs, developing automated tests, preparing reports and recommendations, collaborating with technical and non-technical staff, and reviewing code to maintain correctness and quality while ensuring security best practices are followed.


    What you need to know:
    Help develop processes to maintain an accurate inventory of RESTful APIs.
    Design and develop the automation of API discovery and automated testing using tools.

    Administer API security testing tools, perform API code reviews, and advise product development teams on API-related technical issues and questions.

    Perform continuous security testing for on-prem, cloud, mobile applications, and APIs.
    Experience with API discovery automation, security testing, and validation of externally facing APIs.
    Identify the most critical vulnerabilities across all native and third-party APIs.
    Develop alerts and proactive monitoring on new, changed, and exposed APIs.
    Develop the set of security standards and best practices for API implementation, recommending enhancements as needed.

    Create repeatable methods to assess and measure the security posture of APIs and deliver key metrics to assess the overall effectiveness.

    Help create playbooks to monitor, alert proactively, and respond to potential abuse and misuse of externally accessible API endpoints.

    What we're looking for:
    Hands on experience designing, developing, and testing secure APIs (e.g. with gRPC, REST, GraphQL).
    Knowledge in evaluating

    OWASP API top 10

    , National Institute of Standards and Technology (NIST) Special Publications, and the Open-Source Security Testing Methodology Manual (OSSTMM).
    Experience with managing and tuning WAF/RASP/DAST/IAST tools.
    Experience building and reviewing threat models with the ability to craft malicious user, attacker, and abuse/misuse cases.
    Experience with at least one of the following languages: Python, Go, Ruby, or JavaScript.
    Experience automating API security testing into CI/CD pipelines.
    Experience building secure-by-default frameworks and libraries.


    Desired Skills:
    10+ years of experience designing, developing, and testing secure APIs (REST, GraphQL, and gRPC).
    10+ years of experience building and delivering production quality, scalable, secure software systems.
    Knowledge of secure design patterns for distributed systems.
    Knowledge of authentication and authorization infrastructure (e.g. SAML, OpenID, OAuth).
    Knowledge of NYDFS and other US and international security frameworks.
    A look at our Benefits

    We're proud to offer a range of employee benefits and resources that help you protect what matters most - your health care, savings, financial protection and wellbeing.

    We provide a variety of leaves for personal, health, family and military needs.

    For example, our "Giving Back" program allows you to take up to 16 hours a year to volunteer in your community.

    Our global mental health and wellness days off provide all colleagues with a paid day off to focus on their mental health and wellbeing.


    We also believe in fostering our colleagues' development and offer a range of learning opportunities for colleagues to hone their professional skills to position themselves for the next steps of their careers.

    We have a tuition reimbursement program for eligible colleagues to enhance their education, skills, and knowledge in areas that relate to their current position or future positions to which they may transfer or progress.

    We are an Equal Opportunity Employer

    American International Group, Inc., its subsidiaries and affiliates are committed to be an Equal Opportunity Employer and its policies and procedures reflect this commitment.

    We provide equal opportunity to all qualified individuals regardless of race, color, religion, age, gender, gender expression, national origin, veteran status, disability or any other legally protected categories such as sexual orientation.

    At AIG, we believe that diversity and inclusion are critical to our future and our mission – creating a foundation for a creative workplace that leads to innovation, growth, and profitability.

    Through a wide variety of programs and initiatives, we invest in each employee, seeking to ensure that our people are not only respected as individuals, but also truly valued for their unique perspectives.


    To learn more please visit:


    AIG is committed to working with and providing reasonable accommodations to job applicants and employees with physical or mental disabilities.

    If you believe you need a reasonable accommodation in order to search for a job opening or to complete any part of the application or hiring process, please send an email to

    . Reasonable accommodations will be determined on a case-by-case basis.

    Functional Area:
    IT - Information TechnologyEstimated Travel Percentage (%): Up to 25%

    Relocation Provided:
    NoAIG Employee Services, Inc.

    About Us

    Nous sommes une Compagnie d'assurance internationale de premier plan, présente dans plus de 80 pays et juridictions.

    Nous proposons une large gamme d'assurances IARD et Responsabilité civile, d'Assurance vie, de solutions de retraite et d'autres services financiers pour accompagner nos clients dans leur quotidien professionnel et personnel par le biais de nos divisions d'assurance générale, vie et retraite et placements.

    Ce qui nous caractérise à travers toutes ces offres, c'est notre engagement à aider les individus, les entreprises et les communautés à se préparer et à réagir aux périodes d'incertitude.

    Qu'il s'agisse d'aider les personnes confrontées à des catastrophes naturelles ou les millions d'Américains qui aspirent à une retraite stable, nous avons l'expertise nécessaire pour aider nos clients à mieux gérer les risques.

    Nous nous engageons également à faire ce qu'il faut pour nos Employés et les communautés dans lesquelles nous travaillons et vivons.

    C'est pourquoi nous cherchons à offrir ce qui compte à nos équipes toujours plus diversifiées - comme des environnements de travail flexibles et créatifs, des opportunités de croissance professionnelle et des forums pour se soutenir les uns les autres et inciter au changement.

    Nous encourageons les Employés à soutenir les causes qui les intéressent le plus, par le biais de nos programmes de congés des bénévoles et de subventions spécifiques (« Matching Grants Program »).

    Rejoignez notre réseau de Talents (Talent Network

    ). Des informations supplémentaires sur AIG sont disponibles sur

    | YouTube | Twitter | LinkedIn. Ces références avec des informations supplémentaires sur AIG ont été fournies pour des raisons de commodité, et les informations contenues sur ces sites Web ne sont pas référencées dans ce communiqué de presse.

    #J-18808-Ljbffr
  • EDAG Engineering Group

    Security Engineer Automotive

    2 days ago

    EDAG Engineering Group Houston, United States

    Home Karriere Jobs & Bewerbung Stellenanzeigen Security Engineer* Automotive { "@context" : "", "@type" : "JobPosting", "title" : "Security Engineer* Automotive", "description" : "Hohe Kompetenz und die Leidenschaft fr neue Herausforderungen machen unseren Bereich Electrics/Elect ...

  • BARMER

    Security Operations Engineer

    2 weeks ago

    BARMER Houston, United States

    Ihre AufgabenAls Security Operations Engineer liegt Ihr Fokus auf der kontinuierlichen Verbesserung unserer Sicherheitsbetriebsinfrastruktur und -prozesse. Dabei unterstützen Sie mit folgenden Hauptaufgaben:Sie sind verantwortlich für die Analyse, das Design und die Umsetzung von ...

  • Control Risks

    Security Engineer

    1 day ago

    Control Risks Houston, United States

    Job Description · Job DescriptionThis position may be based in Chicago, Houston, or Washington DC. · This role will work with a team of cyber security consultants to help assess and test various controls within our clients' network to evaluate and determine compliance with the co ...

  • Control Risks

    Security Engineer

    1 week ago

    Control Risks Houston, United States

    Job Description · Job DescriptionThis position may be based in Chicago, Houston, or Washington DC. · This role will work with a team of cyber security consultants to help assess and test various controls within our clients' network to evaluate and determine compliance with the co ...

  • PTS Advance

    Cyber Security Engineer

    1 week ago

    PTS Advance Houston, United States

    Our client is one of the largest publicly traded partnerships and leading North American provider of midstream energy, services to producers and consumers of natural gas, NGL's, crude oil, refined products and petrochemicals. · Responsibilities: · Development and maintenance of s ...

  • Texas - Houston

    Network Security Engineer

    4 weeks ago

    Texas - Houston The Woodlands, United States

    Job Description - Network Security Engineer Your Future Starts Here Description Take the next step toward your new career today · Become a part of the diverse and inclusive team within our nationally recognized award-winning Bank that is one of the strongest in the nation. Woodfo ...

  • Funding Societies | Modalku Group

    Security Operations Engineer

    3 weeks ago

    Funding Societies | Modalku Group Houston, United States

    Funding Societies | Modalku is the largest SME digital financing platform in Southeast Asia. We are licensed in Singapore, Indonesia, Thailand, and registered in Malaysia. We are backed by Sequoia India and Softbank Ventures Asia Corp amongst many others and provide business fina ...

  • smart folks inc

    OT Security Engineer

    4 days ago

    smart folks inc Houston, United States

    Job Description · Job DescriptionHello · Hope you're doing well, · Please find the below job description If interested please send updated resume let me know if you have any questionOT Engineer · Houston TX · Full Time with Wipro · Coordinate all actions to ensure the sustenance ...

  • Cybernetic Search

    Network Security Engineer

    3 weeks ago

    Cybernetic Search Houston, United States

    We're assisting a bank in finding a network security engineer: · Requirements · Minimum of 3 years network or systems administration experience required. · Cisco Security or similar technologies (i.e., NGFW, NAC, load balancing), preferred. · Other beneficial experience (i.e., ...

  • Cyclotron, Inc.

    Microsoft Security Engineer

    3 weeks ago

    Cyclotron, Inc. Houston, United States

    Job Description · Job DescriptionMicrosoft Security Engineer (client-facing consulting required) · Location: Anywhere in North America (Fully Remote) · Employment Type: FTE · Level: Experienced/Mid-Level · Rate: $50,000-$90,000 (depends on experience level) · Responsibilities · ...

  • MindFore

    Cyber Security Engineer

    4 days ago

    MindFore Houston, United States

    Job Description · Job DescriptionJob Title: Cyber Security Engineer · Location: Houston, TX · Duration: 12+ Months · Job Description: · Information Security Consulting Services - Candidates should have verifiable training and experience in the following areas including, but not ...

  • Vector Recruiting

    Network Security Engineer

    2 weeks ago

    Vector Recruiting Houston, United States

    Job Description · Job DescriptionNetwork Security Engineer · The client is a leading company in the Banking and Financial Services Industry who is seeking an experienced Network Security Engineer to join their innovative team. In this vital role, you'll collaborate closely with i ...

  • MHI

    IT Security Engineer III

    3 weeks ago

    MHI Houston, United States

    Mitsubishi Heavy Industries America, Inc. (MHIA) is looking for an IT Security Engineer III to join our team. This is a hybrid role based out of our Houston, TX Office. · ABOUT MITSUBISHI HEAVY INDUSTRIES AMERICA, INC. (MHIA): · For over 130 years Mitsubishi Heavy Industries (M ...

  • Diverse Lynx

    Network Security Engineer

    3 weeks ago

    Diverse Lynx Houston, United States

    Senior Network Security Engineer · Houston, TX · Job Description: Proven 5-8 years of experience working as a Network Security Engineer, with a focus on designing and implementing secure network environments. · Strong knowledge of network protocols, firewall technologies, int ...

  • Honeywell

    Advanced Cyber Security Engineer

    3 weeks ago

    Honeywell Houston, United States

    Innovate to solve the world's most important challenges · This position is responsible for providing on-site cyber security, network, and OT services associated with industrial Process Control Networks for Honeywell customers in the Oil and Gas, Hydrocarbon Processing, Power Gene ...

  • Prudent Technologies & Consulting

    IAM Security Engineer

    3 days ago

    Prudent Technologies & Consulting Houston, United States

    Key Points : · 8+ years of software design and development, including at least 5+ years of development experience with Identity and Access Management technologies, 3+ years of relevant hands-on technical management experience and 2+ years of experience with cloud · This enginee ...

  • Milacron Holdings Corp.

    Cyber Security Engineer

    3 weeks ago

    Milacron Holdings Corp. Houston, United States

    Cyber Security Engineer - PAM/DLP page is loaded · Cyber Security Engineer - PAM/DLP · Apply · remote type · Remote · locations · Remote - India · Milacron · time type · Full time · posted on · Posted 3 Days Ago · job requisition id · R-2040 · Position Summary: · As ...

  • Centre Technologies

    Senior Security Engineer

    3 weeks ago

    Centre Technologies Houston, United States

    We are excited to announce we are expanding and looking to grow our team with a new Senior Security EngineerPosition Summary · As a Security Subject Matter Expert (SME), you will play a pivotal role in safeguarding our customer's and Centre's environment, information, and person ...

  • INSPYR Solutions

    Network Security Engineer

    4 weeks ago

    INSPYR Solutions Houston, United States

    Title: Network Security Engineer · Location: Houston, TX, Hybrid) · Duration: FTE · Work Requirements: US Citizens, GC Holders, or Authorized to Work in the U.S. · Qualified and interested candidates should email their resumes to Slater Davidson at · Skillset / Experience: · INS ...

  • Inspyr Solutions

    Network Security Engineer

    3 days ago

    Inspyr Solutions Houston, United States

    Title: Network Security Engineer · Location: Houston, TX, Hybrid) · Duration: FTE · Work Requirements: US Citizens, GC Holders, or Authorized to Work in the U.S. · Qualified and interested candidates should email their resumes to Slater Davidson at (url removed). · Skillset ...