Sr Principal Application Security Engineer
Job ID
72377
Posted
17-Jun-2022
Service line
Corporate Segment
Role type
Full-time
Areas of Interest
Digital & Technology/Information Technology
Location(s)
Remote - US - Remote - US - United States of America

Job Summary

The mission of the individual in this role is to leverage their strong understanding of enterprise-level knowledge and/or expert knowledge to mitigate cyber security risk through the strategic development and implementation of Security Champion and Product Security Engineering programs . They will actively work with the CBRE business, Digital & Technology and other partner organizations (Compliance, Risk Mgmt., Audit, & Legal) to seamlessly integrate security processes, tools, and people into the business culture providing a holistic security ecosystem, driving continuous improvements and seamless protection / monitoring capabilities globally. Leads and executes on complex initiatives that drive problem resolution. As a senior member on the team, this individual will work with progressive development teams with a mindset toward being agile and solving problems iteratively.

Experience in all skills listed is not necessary to be qualified for the position. If you have relevant similar experience, we still want to talk to you.

Essential Duties and Responsibilities

·       Be a broker of security, being able to sell the benefits of security, while being mindful of the needs of development teams all over the world

·       Evaluate existing Security Champions program to identify areas for improvement and change

·       Establish approaches for identifying new Security Champions and evaluating Champion growth and impact

·       Define strategic approach for to increase the reach of application security within the organization through development of a new Product Security Engineer program.

·       Understand the concepts of assessing risk, rather than just saying “No”. Be able to find a way to make development teams successful, while still ensuring secure practices

·       Configuring, and administrating technologies for our product teams including SAST, DAST, OSA, secrets management, etc...

·       Help software development teams to understand, and remediate security findings

·       Work with development teams throughout the entire SDLC to ensure code is secure by design, and all the way through production deployment.

·       Assist in development of internal security policies, procedures, and guidelines

·       Be able to quickly come up to speed on new and emerging technologies/cloud services, and understand how to establish at least a baseline of security for them

·       Have well founded opinions and be willing to express your disagreement when something doesn't pass the ‘smell test’ for you.

·       Other duties as assigned

Supervisory Responsibilities

Shape the direction of the program team moving forward. May provide formal supervision to individual employees within single functional or operational area. Recommends staff recruitment, selection, corrective action and termination. Prepares and delivers performance appraisal for staff. Mentors and coaches team members to further develop competencies. Leads by example and models behaviors that are consistent with the company's values.


Education and Experience

·       Previous experience developing and/or running a Security Champions program

·       Advanced understanding of DevOps practices, and CICD pipelines

·       Advanced understanding of application security testing tools for SAST, DAST, OSA, etc.

·       Advanced experience with either AWS or Azure

·       Strong experience with containers and orchestration platforms (Kubernetes, Mesos, etc.)

·       Strong experience with Kubernetes as well as managed deployments such as EKS and AKS

·       Strong experience integrating application security into Agile teams

·       Strong experience in threat modeling

·       Intermediate knowledge of Infrastructure as Code (Terraform, Ansible, etc.)

·       Bachelor's degree (BA/BS) in a related field of work

o   or equivalent combination of education and experience (equivalent work experience = 2 years of related experience for every year of higher-level education).

Other Skills and/or Abilities

·       Experience with GCP or AliCloud security capabilities

·       Understanding of modern software development practices

Communication Skills

Ability to comprehend, analyze, and interpret the most complex business documents. Ability to respond effectively to the most sensitive issues. Ability to write reports, manuals, speeches and articles using distinctive style. Ability to make effective and persuasive presentations on complex topics to employees, clients, top management and/or public groups. Ability to motivate and negotiate effectively with key employees, and management to take desired action.

Reasoning Ability

Ability to solve advanced problems and deal with a variety of options in complex situations. Requires expert level analytical and quantitative skills with proven experience in developing strategic solutions for a growing matrix-based multi-industry sales environment. Draws upon the analysis of others and makes recommendations that have a direct impact on the company.


CBRE is an equal opportunity/affirmative action employer with a long-standing commitment to providing equal employment opportunity to all qualified applicants regardless of race, color, religion, national origin, sex, sexual orientation, gender identity, pregnancy, age, citizenship, marital status, disability, veteran status, political belief, or any other basis protected by applicable law.

NOTE: An additional requirement for this role is the ability to comply with COVID-19 health and safety protocols, including COVID-19 vaccination proof and/or rigorous testing.