Engineer, Application Security - (Open to remote)

Salary

$0.1k - $0.135k

Min Experience

5 years

Location

remote, new-york

JobType

full-time

About the job

This job is sourced from a job board.

About the role

Penguin Random House is seeking an Application Security Engineer to join the IT Security team. This position will be responsible for advancing Secure Software Development Life Cycle (SDLC) practices and incorporating Application Security services and technologies to achieve a security-first design in all of Penguin Random House's applications. In addition, the individual will be expected to contribute to and help deliver services and projects across various aspects of information security.

The individual will collaborate with developers and business stakeholders from relevant technical teams to evaluate the security architecture of new products and features through application security assessments. They will prioritize and provide guidance on mitigating identified weaknesses and vulnerabilities while working with development teams to define and promote security best practices.

The ideal candidate will have experience in at least one of the following areas: securing workflows in AWS and Azure, proficiency in SecDevOps and automation, familiarity with secure coding practices, or a background in application development with a desire to move into application security.

In this role, you will establish cross-functional relationships with team members while being a trusted resource for Development. You will also maintain a hands-on role in implementing solutions and crafting specifications for those teams.

Specific responsibilities include:

Develop and refine our core infrastructure architecture to minimize the vulnerability of essential services and reduce the impact of potential security exploits.
Strategize and implement application security architectures that are in line with the company's business objectives, ensuring adherence to privacy standards and compliance requirements.
Utilize scripting languages (Python, Ruby, Bash, etc.) to build automation tools as needed.
Create and deliver presentations and documentation to educate developers and operations teams on application security best practices and secure coding techniques.
Identify and assess threats, vulnerabilities and potential exploits through architecture design reviews, threat modeling, code reviews, SCA/SAST/DAST assessments and collaborate with developers/engineers to remediate issues.
Formulate and establish application security policies, standards and guidelines to support the secure development of products and services.
Collaborate with the DevOps team to enhance Application Security, integrating security tools into the CI/CD pipeline, including container security, SCA/SAST, DAST, IAST, and third-party vulnerability scanning.
Partner with security stakeholders across the organization to assist delivery teams in conceptualizing and implementing security-focused projects and initiatives.

About the company

Penguin Random House is the leading adult and children's publishing house in North America, the United Kingdom and many other regions around the world. In publishing the best books in every genre and subject for all ages, we are committed to quality, excellence in execution, and innovation throughout the entire publishing process: editorial, design, marketing, publicity, sales, production, and distribution. Our vibrant and diverse international community of nearly 300 publishing brands and imprints includes Ballantine Bantam Dell, Berkley, Clarkson Potter, Crown, DK, Doubleday, Dutton, Grosset & Dunlap, Little Golden Books, Knopf, Modern Library, Pantheon, Penguin Books, Penguin Press, Penguin Random House Audio, Penguin Young Readers, Portfolio, Puffin, Putnam, Random House, Random House Children's Books, Riverhead, Ten Speed Press, Viking, and Vintage, among others.

Skills

aws
azure
security
python
ruby
bash
application-security
secure-coding
penetration-testing
vulnerability-assessment
ci-cd
devops