Degreed is the upskilling platform that connects learning to opportunities. We integrate everything people use to learn and build their careers—skill insights, LMSs, courses, videos, articles, and projects—and match everyone to growth opportunities that fit their unique skills, roles, and goals. Degreed exists to discover, empower and recognize the next generation of the world’s expertise.
The Application Security Specialist will be a key member of the Information Security team, reporting directly to the Information Security Officer (ISO). The primary responsibility of this role is to oversee the development and implementation of a secure Software Development Life Cycle (SDLC). Additionally, the Application Security Specialist will collaborate closely with the DevOps team to provide guidance and ensure the security of Degreed’s cloud infrastructure.
As an Application Security Specialist, your primary responsibilities will involve collaborating with the product and engineering teams to proactively identify security issues during solution design and prevent vulnerabilities during development. You will support the development of design patterns and development standards to help developers and architects build secure solutions. You will support the development of assessment frameworks to evaluate designs then be responsible for their execution.
Our ideal candidate will be comfortable working cross-functionally and enjoy building customer trust both internally and externally while finding innovative ways to mitigate risk, and protecting the data of our clients and users using Degreed’s products.
Day in the Life
- Support the design of proactive application security frameworks to ensure the secure architecture and development of business solutions. This includes frameworks for performing consistent application security assessments, threat models, as well as the development of secure design patterns and development standards.
- Strong technical understanding of all security domains to help secure the Cloud environment, focusing on maturing the ability to protect assets and applications with applying controls around the four pillars of prevent, detect, respond and remediate.
- Join forces with our brilliant Security Engineering team to define and integrate Security Architecture standards and Secure SDLC across the organization, ensuring our security practices stay top-notch and our products remain unbeatable.
- Act as a key player in Degreed’s large-scale assisting the DevSecOps team
- CI/CD pipelines and help design high-tech security practices for our cloud and container release platforms.
- Conduct application security assessments, threat modeling and be involved with application design.
- Proactively communicate design and development principles to appropriate stakeholders.
- Empower and inspire our team of developers, architects, and others through training in secure coding and design principles to build the most robust and secure applications possible.
- Build an application security program to allow internal teams to improve security designs and reduce vulnerabilities found after development of code.
- Automation and standardization of all applicable processes.
- Adaptability: Comfortable working in a dynamic environment with constant change and ambiguity.
- Interpersonal Skills: Ability to build strong relationships with development, software architecture, and product management stakeholders.
- Cloud Knowledge: Familiarity with popular cloud provider solutions (such as Azure, AWS, GCP) and cloud orchestration tools (like Kubernetes).
- OWASP Understanding: In-depth comprehension of the OWASP Top 10 and the ability to effectively communicate security concepts with developers and application architects. Previous experience in development or software architecture is preferred.
- Security Assessments: Expertise in conducting cloud architecture reviews, application risk assessments, and threat modeling to identify potential security risks.
- SDLC Integration: Experience in integrating security controls into all stages of the Software Development Life Cycle (SDLC), including automating security measures into CI/CD pipelines.
- Risk Analysis: Ability to analyze business impact and exposure based on emerging security threats, vulnerabilities, and risks. Capable of recommending suitable technologies and solutions to mitigate those risks.
- Effective Communication: Skill in translating technical concepts into plain language to effectively communicate business risks and requirements to both technical and non-technical stakeholders.
- Collaboration: Collaboration with developers and software architects to adjust designs and ensure they meet business and technical requirements securely.
Who You Are
- 5+ years of overall experience in information security, including 3+ years in application security field and 1+ year in Cloud Security
- Background in the application security basics and a working knowledge of the OWASP Top Ten exploitation paths and control mitigations to protect against them. Cloud security experience preferred.
- Knowledge and experience with the configuration of security controls and secure migration of enterprise applications to one of the major cloud providers such as Azure (preferred), Amazon Web Services, or Google Cloud.
- Experience with defining and integrating Security Architecture standards and Secure SDLC across the organization. A general understanding of old and new development patterns: Release cycles, CI/CD, Code check-in and review. Demonstrated knowledge of build concepts like pipelines, runners, and security checks in early lifecycle build. A background in container build environments.
- Demonstrated experience conceptualizing and thinking about threat assessments and threat modeling both in the release cycle and containerized environments. Experience with vulnerability management.
- Exposure to delivering results in an agile environment driven by priorities.
- Some development background such as building applications in at least one language in recent history and understand the complexities of building in modern languages.
- Ability to work effectively in virtual environment where key team members and partners are in various time zones and locations.
- A cybersecurity certification would be highly advantageous (Security+, SSCP, CISSP, CISM, CCSP, CSSLP, CEH, etc.)
Compensation and Benefits at Degreed
Degreed is passionate about pay transparency and we are committed to fair and equitable compensation practices. The pay range for this role is $140,000 - $170,000. Actual compensation packages are based on several factors that are unique to each candidate, including but not limited to: skill set, depth of experience, certifications, and specific work location. This may be different in other locations due to differences in the cost of labor.
We believe your best work happens when you have a complete life balance, and Degreed gives you the support and flexibility to make that happen. Degreed is committed to delivering a comprehensive benefits program that provides the support you need. At the time of this posting, this role is eligible to participate in the following benefits and wellness programs:
- Comprehensive health insurance for you and your family (both PPO and HDHP plans available)
- Dental and vision plans for you and your family
- Employer-paid life insurance, AD&D, short-term disability, and long-term disability
- Company equity
- 401(k) Retirement Savings Plan with up to 4% match
- Company funded HSA and dependent care FSA (pending eligibility)
- Generous Parental Leave
- Unlimited Paid Time Off and 5 sick days per year
- Education benefit: Up to $1,200 per year for anything you want to learn (and we mean anything!)
- 100% remote with a One-time Home Office Stipend to make your workspace more comfortable
- Monthly internet and phone stipend
- Monthly wellness stipend through Forma
- Wellness programs focused on your financial, physical, and mental wellbeing