Lead Information Security Engineer – Application Security
Aaron’s has a long legacy as an industry leader with continued growth. In business since 1955, we have grown to over 2,000 stores across North America built on a foundation of excellence, customer focus, quality products and services. Personally, and professionally, we hold ourselves to high standards and an unwavering commitment to do what’s right; treating every individual with respect, compassion and integrity. We are highly invested in the communities we serve through our community outreach programs, donating time, products and services locally and nationally.
As a potential Aaron’s Associate, you’ll share our purpose and passion for making a real difference in the lives of others and the rewards that come from creating strong personal connections for life. You’ll be a contributing team member in an environment that embraces challenge and has a strong drive to achieve. We like to set the bar high, roll up our sleeves and work together to out-perform the competition. You’ll have an opportunity to work in an environment which prides itself on recognizing and rewarding top performers.
Interested in becoming a Lead Information Security Engineer – Application Security? As a Lead Information Security Engineer – Application Security, you will be responsible for leading all information security assessments, vendor risk assessments, penetration testing, secure code reviews, and business process cyber security and privacy reviews.
Come see why the difference is personal at Aaron’s, connect with us today!
- Lead all architecture reviews, attack and penetration testing, secure code reviews, and business process cyber security and privacy reviews
- Perform architecture analysis and risk assessments on the security of applications and services, discovering and addressing security issues, and quickly reacting to new threat scenarios
- Lead, champion, and validate secure SDLC processes, including static code analysis, interactive application security testing, dynamic analysis, and code reviews, and reconcile vulnerabilities within application security testing tools
- Facilitate security remediation of applications with security flaws and code defects with Product Managers, Application Leads, and Development teams
- Develop and implement best practices, reference implementations, automation, and testing for application security in web, mobile, and API (REST and SOAP)
- Coordinate or perform network and application security attack and penetration testing to ensure that Aaron’s services, applications, and websites are designed and implemented in accordance with leading practices
- Champion continuous improvement on secure coding practices, application security requirements, automation, training, and metrics
- Develop streamlined security metrics that enable IT leaders and senior management to take action on application security related risks
- Maintain the enterprise vulnerability management solution framework and processes
- Work with Information Technology to mature the patch management lifecycle based on vulnerability management SLAs
- Deploy and maintain web application, source code and penetration assessment tools.
- Deploy and maintain runtime application self-protection (RASP) tool.
- Research, evaluate, implement and manage security tools
- Regularly re-evaluate processes and procedures to drive continuous improvement and innovation
- Five to seven years of experience in Information Security, application security or development preferred
- Three to five years of experience working in and performing risk/architecture assessments on applications, network, mobile and SaaS solutions preferred
- Experience performing penetration testing and web application security assessments
- Experience performing vendor risk assessments strongly desired
- Experience in using penetration testing tools (Canvas, Nessus, Burp Suite, Metasploit) preferred, but not required
- Experience in working with and deploying vulnerability management solutions (Qualys, Rapid7) preferred, but not required
- Experience with static and dynamic analysis tools preferred.
- Experience with IAST and RASP tools preferred.
- Strong understanding of OWASP Top 10 and CWE Top 25, as well as experience in implementing and integrating remediation strategies
- Strong understanding of agile development processes and integrating secure development practices into the model
- Strong interpersonal skills with the ability to effectively collaborate with cross-organizational teams
- Self-starter with the ability to work independently as well as the ability to negotiate and bring consensus to diverse priorities of product development and solution delivery teams
- Excellent verbal and written communication skills including the ability to describe or explain complex processes and issues in a concise manner
- Ability to understand complex information systems, prioritize tasks, and meet deadlines with minimal supervision
- One or more of the following certifications (preferred, but not required): CISSP, CISM, GPEN, GWAPT, or CEH
This has been a milestone year at Aaron’s. In April, Aaron’s completed the transformative acquisition of Progressive Finance resulting in the strategic positioning of the Company as the leader in both the traditional rent-to-own (RTO) industry as well as the emerging virtual rent-to-own (RTO) space. The acquisition supports the Company’s strategy to address credit-challenged customers’ changing needs for acquiring home furniture, electronics and appliances as the consumer population leans more toward a multi-channel acquisition of goods and services.
Aaron’s plan to reshape the core business focuses on same store revenue growth, enhancing Aaron’s online platform, driving cost efficiencies, moderating new store growth, and strengthening the franchise network. The Company has been aggressively developing its online strategy while working towards the roll-out of an e-commerce platform in early 2015. This demonstrates Aaron’s strategic initiative to reach its customers in an ever-evolving marketplace.
Lease Ownership Retailer
Company Type: Public Company
Company Size: 10,001+