Senior Application Security Engineer

We invite you to explore a future with us at PRA Group, a diverse and growing company that has a tangible impact on the global economy.

Position Summary: 

PRA Group is hiring a Senior Application Security Engineer to join the Information Security team. This new role joins the newly created Application Security department, providing an exciting opportunity for an experienced application security professional to make an impact and lead application security initiatives across the enterprise. Reporting to the Associate VP of Application Security, this role requires frequent collaboration with development and project management teams to ensure secure coding and architectural principles are integrated across the SDLC. The person in this role will also provide vulnerability remediation guidance, develop and nurture a partnership model between the Information Security team and Software Development teams, and participate in AppSec activities such as tuning existing toolsets, creating and maintaining a bug bounty program, and managing inventory of software assets.

Experience:

• We are seeking individuals with at least 3 to 5 years of experience as an Application Security Practitioner as well as 3-5 years of previous experience in software engineering in large-scale production environments  
• CISSP certification or one that is in progress is preferred
• Experience with enterprise backend systems written in languages such as .NET/C#, Ruby on Rails, or Java; prefer C#.
• Experience with git version control 
• Understanding of the software development peer review, testing, deployment and maintenance phases 
• Also experience with front end languages and frameworks such as Vue.JS, Blazor, and vanilla JS 
• Experience working within frameworks and guidelines such as ISO 27001 and the OWASP Top 10  
• Experience integrating 3rd- party and/or custom security testing solutions into CI/CD pipelines 
• Experience with tuning and managing security testing tools such as DAST/SAST and SCA 
• Bachelor’s Degree in Computer Science, Information security OR related professional experience 

Preferred Experience:

• Proven track record of contributing to the security or software development field, including teaching, speaking, mentoring, volunteering or publishing works 
• Any experience or interest in Cloud Security, IAC, container security, or AI security 
• A passion for cross-departmental education and communication 
• Interest in how security can inform business processes, whether by driving revenue or cutting costs 

Key Responsibilities:

• Collaborate with software engineering to implement Application Security architecture as designed by the senior leadership of InfoSec and software engineering 
• Act as security advisor to SWE, which includes triaging security vulnerabilities, illustrating common exploits, assessing reachability from an attacker’s perspective, and …