Job Location: Cary, NC
Role Value Proposition:
MetLife’s Global Application Security team’s mission is to identify, protect, detect, respond, and recover from threats to business applications in near real-time. This is a hands-on technical role where you will be accountable for the timely delivery of application security compliance testing.
As an IT Risk & Security Analyst you will be the front-line of defense working directly with application developers and program managers to ensure that secure SDLC processes for Agile and Waterfall development have security built in through automation and that software vulnerabilities are identified early in the SDLC and that they are remediated by application developers. You will be responsible for managing a portfolio of business applications, that include web applications, mobile applications, and API services. This is a highly visible role that supports the business and cybersecurity goals of MetLife’s senior leadership. Your technical knowledge, analytical thought process, and disciplined operational rigor are your keys to success.
- Provide security testing coordination and consultation services to application development teams and other enterprise stakeholders as required for a portfolio of API services, web, and mobile applications.
- Drive the discovery, understanding, and remediation of application vulnerabilities that are found using static code analysis, dynamic analysis, and open source software composition analysis tools.
- Promote a secure-by-design and Agile security culture across MetLife development teams.
- Enforce compliance with MetLife’s application security policies and standards.
- Continuously increase the effectiveness (i.e., planning, communication, and execution) of MetLife’s global application security program.
Essential Business Experience and Technical Skills:
- Bachelor’s degree in Computer Science, Cyber Security, Information Systems, or related discipline.
- 2+ years of combined experience in software development or application security testing and program management.
- Experience with static code analysis, dynamic analysis, and open source composition analysis using managed security testing platforms and application ethical hack testing.
- Conversant in the SANS/CWE Top 25 and the OWASP Top 10 as well as API security testing best practices and remediation.
- Strong technical communication skills to effectively and succinctly, convey vulnerability flaw details and a recommendation for remediation to developers and leadership.
- Professional certifications such as CSSLP, CEH, OSCP, or a SANS certification.
- Experience with white-box/black-box open source and commercial application security testing tools, tactics, and techniques.
- Experience with technology innovation (e.g., DevSecOps, RASP, WAF) security testing automation, and defect tracking.
- Ability to maintain awareness of emerging application security threats, especially those targeting the financial services industry. This position requires self-motivation, a strong willingness to learn, and passion for application security.
Information Security, Application Security
Number of Openings
At MetLife, we’re leading the global transformation of an industry we’ve long defined. United in purpose, diverse in perspective, we’re dedicated to making a difference in the lives of our customers.
MetLife, through its subsidiaries and affiliates, is one of the world’s leading financial services companies, providing insurance, annuities, employee benefits and asset management to help its individual and institutional customers navigate their changing world. Founded in 1868, MetLife has operations in more than 40 countries and holds leading market positions in the United States, Japan, Latin America, Asia, Europe and the Middle East.
We are one of the largest institutional investors in the U.S. with $642.4 billion of total assets under management as of March 31, 2021. We are ranked #46 on the Fortune 500 list for 2021. In 2020, we were named to the Dow Jones Sustainability Index (DJSI) for the fifth year in a row. DJSI is a global index to track the leading sustainability-driven companies. We are proud to have been named to Fortune magazine’s 2021 list of the “World’s Most Admired Companies.”
MetLife is committed to building a purpose-driven and inclusive culture that energizes our people. Our employees work every day to help build a more confident future for people around the world. Visit us at www.metlife.com to learn more about our brand, history, and values.
We want to make it simple for all interested and qualified candidates to apply for employment opportunities with MetLife. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to email@example.com or call our Employee Relations Department at 1-877-843-3711.
MetLife is a proud Equal Employment Opportunity and Affirmative Action employer dedicated to attracting, retaining, and developing a diverse and inclusive workforce. All qualified applicants will receive consideration for employment at MetLife without regards to race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity or expression, age, disability, national origin, marital or domestic/civil partnership status, genetic information, citizenship status, uniformed service member or veteran status, or any other characteristic protected by law.
MetLife maintains a drug-free workplace.
Requisition #: 118927