Edtech.com's Summary

OverDrive is hiring an Application Security Engineer. The role focuses on enhancing the security of OverDrive's applications by collaborating with development and IT teams throughout the software development lifecycle and ensuring compliance with standards like PCI, GDPR, and NIST CSF. The engineer will manage vulnerability remediation, conduct risk assessments, and perform penetration testing to safeguard customer and patron data.

Highlights

Maintain and improve application security and compliance with regulatory standards such as PCI, GDPR, FERPA, CCPA, and NIST CSF.
Work closely with development and IT departments to integrate security within all phases of the SDLC.
Assist in triaging and remediating vulnerabilities within the OverDrive environment.
Conduct risk assessments on third-party software and dependencies.
Perform application security penetration tests and coordinate with third-party vendors for larger application reviews.
Review SAST findings and advocate security best practices through presentations and threat modeling sessions.
Required programming skills include writing, reading, and designing in object-oriented languages such as C#, Ruby, and JavaScript.
Bachelor's degree in Computer Science or related field, or equivalent experience.
Strong interpersonal and communication skills required.
Position requires presence in Greater Cleveland, OH area with a hybrid schedule: 2 days on campus and 3 days working from home.

Application Security Engineer Full Description

Application Security Engineer

Information Technology & Security Cleveland, Ohio

Description

This position will require you to be in the Greater Cleveland, OH Area
We are presently in a hybrid schedule, 2 days on campus and 3 days WFH

The Application Security Engineer's responsibilities include maintaining and improving the security posture of OverDrive to protect our patron and customer data and intellectual property. This role works primarily with the development and IT departments to ensure a high level of security within our applications through all phases of our SDLC as well as maintain compliance with regulatory standards such as PCI, GDPR, FERPA, CCPA, NIST CSF, etc.

*** To be qualified for this Application Security Engineer opening, you need to be able to write OO code, read OO code, and design and implement web applications.

Responsibilities:

Assist with triage and remediation of vulnerabilities within the OverDrive environment.
Advocate security best practices throughout the company but especially within the development department through short monthly presentations or threat modelling meetings.
Review SAST findings for accuracy and risk to the custom code developed within the environment.
Perform risk assessments on third party software and libraries to determine the safety of their use in the OverDrive environment.
Research and review dependency vulnerabilities that are discovered in third party libraries.
Conduct research to identify new attack vectors against OverDrive’s products and services.
Perform application security pen tests against developed applications or work with third party vendors to perform yearly application reviews on larger applications.
Gather, verify and report audit to allow for educated decisions on remediations.

Requirements:

Bachelor’s Degree in Computer Science or related field or equivalent experience.
Application development experience required – C#, Ruby and JavaScript preferred
Excellent interpersonal / communication skills.
Well organized with strong attention to detail and ability to prioritize work.

What’s Next:

As you’ve probably guessed, OverDrive is a place that values individuality and variety. We don’t want you to be like everyone else, we don’t even want you to be like us—we want you to be like you! So, if you're interested in joining the OverDrive team, apply below and tell us what inspires you about OverDrive and why you think you are perfect for our team.

OverDrive values diversity and is proud to be an equal opportunity employer.

Original Job Description

Application Security Engineer

Information Technology & Security Cleveland, Ohio

Description

This position will require you to be in the Greater Cleveland, OH Area
We are presently in a hybrid schedule, 2 days on campus and 3 days WFH

*** To be qualified for this Application Security Engineer opening, you need to be able to write OO code, read OO code, and design and implement web applications.

Responsibilities:

Assist with triage and remediation of vulnerabilities within the OverDrive environment.
Advocate security best practices throughout the company but especially within the development department through short monthly presentations or threat modelling meetings.
Review SAST findings for accuracy and risk to the custom code developed within the environment.
Perform risk assessments on third party software and libraries to determine the safety of their use in the OverDrive environment.
Research and review dependency vulnerabilities that are discovered in third party libraries.
Conduct research to identify new attack vectors against OverDrive’s products and services.
Perform application security pen tests against developed applications or work with third party vendors to perform yearly application reviews on larger applications.
Gather, verify and report audit to allow for educated decisions on remediations.

Requirements:

Bachelor’s Degree in Computer Science or related field or equivalent experience.
Application development experience required – C#, Ruby and JavaScript preferred
Excellent interpersonal / communication skills.
Well organized with strong attention to detail and ability to prioritize work.

What’s Next:

OverDrive values diversity and is proud to be an equal opportunity employer.

Let me find your next job.

Thanks - you're signed up.

Application Security Engineer

Edtech.com's Summary

Application Security Engineer Full Description

Network & Security Engineer

Information Security Engineers

Cyber Security Systems Engineer

Cyber Security Engineer I

Lead Security Analyst