Software Developer (Security-Focused, Java) (2104383)
Software Developer (Security-Focused, Java) - ( 2104383 )
We are the world’s learning company with more than 21,000 employees operating in 70 countries. We combine world-class educational content and assessment, powered by services and technology, to enable more effective teaching and personalized learning at scale. We believe that wherever learning flourishes, so do people.
Pearson VUE is a business of Pearson, the world's leading learning company with global-reach and market-leading businesses. Pearson is listed on both the London and New York stock exchanges (UK: PSON; NYSE: PSO).
Who is Pearson VUE?
Each year millions of people around the world take an exam with Pearson VUE. Chances are you, or someone you know, has recently tested with us. Your neighbor the computer programmer, your dad’s nurse, your child’s teacher or your local real estate agent. All demonstrate their knowledge, skill and commitment when they test with Pearson VUE.
Bloomington, MN location required
As a security-focused developer, you will be responsible for improving application security across the platform. Initially this position will focus on hands-on development work to resolve vulnerabilities. This will transition into an increasing focus on identifying, assessing, escalating, and coordinating fixes across teams. This is a new role for this platform; however, you will work with security experts on other platforms and teams. The ideal candidate is a proven software developer who thrives working independently and setting their own direction, while also effectively collaborating and educating others. Candidates for this role are not expected to be security experts but they must have a strong interest and ability to learn security.
Developer responsibilities include full lifecycle activities using industry best practices in an agile, results driven environment while working with a diverse group of high-performing, experienced teams. You will be expected to continually grow and challenge all of us to raise the bar even higher with your contributions to people, process and technology. We are looking for another highly collaborative team member that has a passion for excellence and innovation and knows the importance of fun, self-care and flexibility while working on a variety of complex and challenging projects.
- Work closely with product and platform teams to implement changes to address security vulnerabilities. Maintain and support mission-critical applications as necessary. Full-lifecycle activities include following Pearson VUE and industry standards for analysis, requirements, design, reviews, testing, deployment, automation and support.
- Increasing willingness and ability to expand security knowledge (with focus on Application Security), and work across teams and platforms to proactively find and mitigate security vulnerabilities.
- Increasing ability and proactive focus on security related: communication, controls, best practices, industry knowledge, subject matter expertise across the platform, automation, reviews, documentation, training, mentoring, and process and procedures.
- Performs other duties as assigned.
Pearson is an Equal Opportunity and Affirmative Action Employer and a member of E-Verify. All qualified applicants, including minorities, women, protected veterans, and individuals with disabilities are encouraged to apply.
Required Education & Experience
- Bachelor's degree in Computer Science, MIS, or equivalent technology discipline
- 5 years minimum industry Java development required
- 3 years industry programmatic interaction with relational database systems
- The current technology stack for our department includes but is not limited to: Java, Angular/AngularJS, Spring, Web Services (REST/SOAP), Angular, JPA/Hibernate, Swing, RESTEasy, SQL Server, RabbitMQ, Azure, Apache CXF, and Spring Boot.
- Industry experience in OOAD, agile processes, design patterns, SQL and UML
Desired Knowledge, Skills & Abilities
- Interest and ability to learn application security in a global enterprise IT environment
- Proven ability to quickly learn new processes and tools, business domains and technical apps
- Must have strong time management skills - including ability to work well under pressure, plan, set priorities, adapt to change, and meet established timelines
- Must develop effective relationships with internal and external contacts and work well within and across teams
- Must assimilate information, distill knowledge, apply experience and provide solution alternatives and recommendations
- Experience working in agile environment
- Experience in understanding software architecture
- Experience in creating design/solution documents and test driven development
- Desire to expand knowledge in many development languages, applications, and tools
- Ability to think technically and analytically
- Must be a self-starter and detail-oriented
- Must have a “positive” and energetic demeanor
- Effective written and verbal communication skills
- Creative problem-solving skills
Industry experience with all of the following (3-4 years industry experience required)
- Experience with Java and web applications, single-page Angular applications, REST and SOAP APIs
Experience with the following (Preferred; otherwise, strong desire to learn)
- Well-rounded background in application security
- Experience driving a culture of security awareness
- Current understanding of industry security trends and emerging threats
- Strong preference for working experience with security tools, using static code analysis, dynamic code analysis, and 3rd party library assessment tools
- Experience implementing security controls in a global enterprise IT environment
- Familiar with OWASP Secure Coding Practices, Continuous Integration/Continuous Deployment (CI/CD) processes/concepts, REST API technology and methods, and common security vulnerabilities and fixes
- Knowledge and remediation experience of common OWASP security risks such as SQL injection, XSS, DDoS, CSRF, XEE
- Proven ability in security process and organizational design
- Swing, RESTEasy, SQL Server (Transact-SQL), RabbitMQ, Azure, Apache CXF, SpringBoot, Gradle build framework, Docker, Kubernetes, Splunk, NewRelic
Primary Location : US-MN-Bloomington
Work Locations :
US-MN-Bloomington-5601 Green Valley5601 Green Valley DriveSuite 220
Job : Technology
Organization : Assessments VUE
Employee Status : Regular Employee
Job Type : Standard
Job Level : Individual Contributor
Shift : Day Job
Travel : No
Job Posting : Mar 29, 2021
Job Unposting : Ongoing
Schedule: : Full-time Regular
Req ID: 2104383