At TransUnion, we have a welcoming and energetic environment that encourages collaboration and innovation. We're consistently exploring new technologies and tools. This environment gives our people the opportunity to hone current skills and build new capabilities, while discovering their genius.
As a Lead Application Security Engineer, you will be responsible for architecting, deploying, and maintaining a global technology infrastructure to support application testing and scanning. You will play a key role in deploying the infrastructure and defining the processes to establish a global scanning environment. As a Lead Application Security Engineer, you will be responsible for ensuring comprehensive coverage of the application scanning toolset across various architectures and platforms in support of our Attack Surface Reduction team.
Come be a part of our team - you'll work with great people, pioneering products, and deploy cutting-edge technology.
What You'll Bring:
3+ years of experience architecting, deploying, and maintaining global scanning infrastructures
2+ years of experience deploying and maintaining DAST, SAST, or IAST solutions in public cloud environments (AWS and Azure)
Hands-on experience with various DAST, SAST, or IAST solutions (e.g., AppScan, BlackDuck, Checkmarx, Netsparker, Seeker, Veracode, etc.)
Development experience with various scripting languages (e.g., PowerShell, Python, Unix shell scripts, etc.)
Strong understanding of networking fundamentals and familiarity with enterprise network architectures
Experience in Unix/Linux and/or Windows administration
Familiarity with Systems Lifecycle Development (SDLC) best practices
Ability to function autonomously and collaborate effectively in a fast-moving, highly matrixed, and sometimes ambiguous environment
Demonstrated excellence in providing superb customer service
Excellent verbal and written communication skills
Knowledge of Scrum/Agile software development
Experience in DevOps environments and automating security controls into the CI/CD process
Experience with or knowledge of Jenkins or other CI tools
Experience with configuration management systems (e.g., Ansible, Puppet, etc.)
One or more relevant certifications (e.g., GPEN, GWAPT, CISSP, OSCP/OSCE/OSWE, AWS or Azure-specific certifications, etc.)
Impact You'll Make:
Collaborate with the Attack Surface Reduction team to develop a scanning infrastructure strategy for long term sustainability and maintainability
Identify automation and configuration management processes to optimize global scanning operations
Develop a comprehensive backup strategy for scanning solutions and perform periodic DR testing to ensure backup efficacy
Work with the Attack Surface Reduction team to prioritize team requirements, develop execution delivery plans, and design a delivery feedback mechanism for product delivery tracking
Create robust documentation to capture FAQs and provide greater visibility into the scanning capabilities
Provide ongoing knowledge transfer and training of scanning capabilities via quarterly demos
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability status, veteran status, marital status, citizenship status, sexual orientation, gender identity or any other characteristic protected by law.
TransUnion's Internal Job Title:
Internal Number: 19009754
About Trans Union
TransUnion is a global information and insights company that makes trust possible between businesses and consumers, by ensuring that each consumer is reliably and safely represented in the marketplace.
We do this by having an accurate and comprehensive picture of each person.
This picture is grounded in our legacy as a credit reporting agency which enables us to tap into both credit and public record data; our data fusion methodology that helps us link, match and tap into the awesome combined power of that data; and our knowledgeable and passionate team, who stewards the information with expertise, and in accordance with local legislation around the world.
Because of our work, organizations can better understand consumers in order to make more informed decisions, and earn their trust through great, personalized experiences, and the proactive extension of the right opportunities, tools and offers. In turn, consumers can be confident that their data identities will result in the opportunities they deserve.
We make trust possible, so businesses and consumers can transact with confidence and achieve great things. We call this Information for Good®—it’s our purpose, and what drives us every day.