CBS Corporation Application Security Engineer in San Francisco, California
Application Security Engineer
CBS BUSINESS UNIT: CBS Interactive
JOB TYPE: Full-Time Staff
JOB LOCATION: San Francisco, CA
CBS Interactive is the premier online content network for information and online operations of CBS Corporation as well as some of the top native digital brands in the entertainment industry. Our brands dive deep into the things people care about across entertainment, technology, news, games, business and sports. With over 1 billion users visiting our properties every quarter, we are a global top 10 web property and one of the largest premium content networks online.
Check us out on  The Muse,  Instagram and  YouTube for an inside look into 'Life At CBSi' through employee testimonials, office photos and company updates.
Join the Information Security Team at CBS Interactive as an Application Security Engineer and be a part of the talented team that designs, builds and deploys solutions that protect CBS Interactive and its customers against advanced adversaries. You will research the latest threats & methods for developing secure software throughout its lifecycle by assessing application security risk in the prevention, detection and reaction to threat identification and defense capabilities in our development process. Your mission will be to ensure that CBS Interactive application and customer data remains secure. You will work across many teams including product development, engineering, & operations. You will work across multiple work streams including application security, security operations, and incident response. In this role, you will design and develop application security controls to support the CBS Interactive team and the platform our customers utilize.
Review implementation code of critical projects; identify security flaws and suggest remediation
Maintain and administer the open-source applications security testing (OAST) environment through access controls.
Maintain and administer the dynamic applications security testing (DAST) environment through access controls.
Build, automate, and operate automated security capabilities for CBS Interactive including static application security testing (SAST) and dynamic code analysis across multiple technology stacks and development languages.
Develop automated integration with platform like Jenkins, GitHub & Jira
Act as advisor in the area of secure development and threat mitigation
Thorough knowledge of the Secure SDLC and DevOps principles.
Work with our engineering and development community to help define security gates as part of the process
Develop our mobile framework for security testing and continue to monitor new threats and publish internal best practices.
Design training material for building the engineering function as a central tenet of security testing.
Publish quarterly internal newsletters associated with open source releases each quarter.
Develop new security frameworks for desktop and web based applications
Work with development to ensures fixes are applied as per the vulnerability policy in order to remediate as required.
What you bring to the team:
You have -
BS or MS degree in Computer Science, Computer Engineering, or equivalent technology experience.
Understanding of Application security in context of SDLC and CI-CD
Strong knowledge of web protocols and knowledge of various security tools and architecture.
Demonstrated software development proficiency (Perl, Python, Go, Java).
Comprehension of algorithms and processes for programmatic automation via scripting or programming languages (Python, Ruby, shell, perl, etc.).
Well-rounded background in application, network and host security.
Ability to prioritize multiple tasks and projects in a dynamic environment.
Effective written and oral communication with multiple levels of leadership involving both business and technical sides of the business.
Equal Opportunity Employer Minorities/Women/Veterans/Disabled