Temporary Application Security Engineer
Operations – Information Security
Planned Parenthood Federation of America (PPFA) is the national umbrella organization for the nation’s leading network of women’s health care providers, educators, and advocates, serving women, men, teens and families. Planned Parenthood Action Fund is the advocacy and political arm of PPFA. For over 100 years, Planned Parenthood has done more than any other organization in the United States to improve women’s health and safety, prevent unintended pregnancies, and advance the right and ability of individuals and families to make informed and responsible health care decisions.
Planned Parenthood Federation of America (PPFA) and Planned Parenthood Action Fund seek a dynamic and effective Application Security Engineer to join our team.
Purpose: To protect our applications and systems within our digital portfolio from attacks and vulnerabilities. You will be tasked with identifying and providing recommendations for risks in code, applications, software architecture, and internal development processes.
- We’re looking for a passionate and resilient team member who doesn’t mind unpacking problems to find root causes, is comfortable anticipating risks, and shows the initiative to seek the most interesting and diverse challenges that come with developing software at scale.
- Drive to define and enforce cross-organization standard methodologies for improving code quality, performance, and security compliance.
- Contribute to the effort of solving complex technical challenges to improve engineering and architecture efficiencies.
- Design, build, and on-board tools to accelerate build, testing, release, and deployment.
- Lead definition of secure-SDLC and product security maturity model, to adopt a shift-left approach to security partnering with our internal and external development teams.
- Provide technical expertise enhancing security criteria for existing application architecture for new features on existing products, make other relevant technical security decisions on new and current products and their launches/releases.
- Partner with engineering and product teams to design, develop, and implement security solutions to identify and close security gaps for AWS cloud and on-premise data center environments.
- strong relationships with our development and product teams and cultivate a culture of security awareness and ownership
- Help develop security standards, preferred implementation patterns, and developer documentation and education materials.
- Embed yourself in the application security industry and provide quarterly security briefings to advise on the latest tools and techniques to better protect the Planned Parenthood network and Affiliates.
- In this role, you will work closely with multiple development and product teams, both inside and outside the organization, to help design and refine tools and infrastructure that empower engineers to develop and deliver applications with security in mind, which impact millions of Planned Parenthood users.
Knowledge, Skills and Abilities (KSAs)
- This position requires a strategic thinker with strong collaboration skills and detailed working knowledge of security technologies and best practices for a complex business environment to ensure that products and systems are deployed in a secure manner.
- Strong relationship-building, interpersonal, and communication skills; flexible and able to work equally well both independently and cross-functionally with teams
- Ability to develop and present technical decisions and recommendations effectively with technical and non-technical audiences through verbal and written communications that lead to actionable and measurable improvements
- Ability to work in a dynamic, fast-paced environment with limited direction, actively define process improvements, champion and drive change initiatives, confront difficult circumstances in creative ways, balance competing priorities, and execute accordingly
- Knowledge of Python, Django & Django CMS required
- Understanding of Software Security Architecture and Design, SDLC and the ability to clearly articulate best practices for application security
- Hands-on experience in threat modeling, SAST, DAST, and web application security frameworks including OWASP 10 and SANS 25
- Strong technical, analytical, and problem-solving skills
- Software development experience in an object-oriented programming language such as Java, React, Python, HTML5, CSS3, Vue.js
- Strong experience with container and container orchestration technologies such as Docker and Kubernetes
- Experience designing and implementing RESTful APIs
- Experience with software system design in the cloud environment
- 5-8 years
- Strong version control and CI/CD experience with Git, GitHub, Continuous Integration (Jenkins), and the full product development lifecycle.
- Experience in designing database schemas and models - PostgreSQL, MySQL
- Experience in Team-Based Development (Scrum, Agile) and related tools.
- Knowledge of other languages and frameworks like Node.js, Ruby, PHP or Perl a plus.
- Unix/Linux, performance, load, and simulation testing
- Experience with networking, storage, logging, monitoring and alerting, distributed systems, stress/load/performance simulation/testing
- Good public cloud experience
PPFA participates in the E-Verify program. We are an equal employment opportunity employer and are committed to maintaining a non-discriminatory work environment, and do not discriminate against any employee or applicant for employment on the basis of race, color, religion, sex, national origin, age, disability, veteran status, marital status, sexual orientation, gender identity, or any other characteristic protected by applicable law. We're committed to creating a dynamic work environment that values diversity and inclusion, respect and integrity, customer focus, and innovation.