Under Armour is the chosen brand of this generation of athletes... and the athletes of tomorrow. We're about performance - in training and on game day, in blistering heat and bitter cold. Whatever the conditions, whatever the sport, Under Armour delivers the advantage athletes have come to demand.
That demand has created an environment of growth. An environment where building a great team is vital. An environment where doing whatever it takes is the baseline and going above and beyond to protect the Brand is commonplace.
The world's hungriest athletes live by a code, a pledge to themselves and everyone else: Protect This House... I Will. Our goal is to Build A Great Team! Will YOU…Protect This House?!
Are experienced at building security into the SDLC for web and mobile applications. You are forward thinking and like to stay one step ahead of the latest threats. You are passionate about cloud, DevOps, rugged software, security and want to help software engineers build more secure applications.
Under Armour Connected Fitness is innovating to support athletes everywhere with technologies including mobile & web. This senior contributor will join our Application Security Team and help build & improve security into all technologies Connected Fitness develops.
- Develop and implement best practices, reference implementations, automation, and testing for application security in web, mobile and API development
- Support application security team efforts to engage throughout the SDLC including:
- Create & communicate security requirements
- Conduct threat modeling exercises
- Assist with secure coding & secure design patterns
- Act as product owner for security features and changes
- Ensure proper testing & quality for security
- Consult with product owners, architects, and developers on application security
- Train developers, architects, code reviewers, and others on secure coding design patterns
- Improve application & data security awareness throughout Connected Fitness & UA
- Evaluate new security technology, trends and vulnerabilities and make recommendations to enhance our security posture
- Monitor platform security, and assist the team to make continuous improvements
- Mentor and develop team members on their career journey
- Excellent verbal and written communication skills to prepare and present recommendations to developers, architects, product owners, and managers
- Experience with:
- Multiple programming languages
- Building apps on iOS or Android platforms
- API centric platforms
- OWASP Top Ten, CWE, and other types of web attack patterns
- Web application penetration testing
- Code review tools or static analysis tools
- You have found defects in someone else’s code, helped them fix the issues, yet you remain friends
- Ability to learn new programming languages and platform technologies quickly
- Understanding of web/mobile design patterns and core architectures
- Passion for supporting all types of athletes through health & fitness technologies
- Education requirements (any of the following options):
- Masters degree in computer science or relevant engineering major
- Bachelors degree in computer science or relevant engineering major plus 3-5 years in application security
- Relevant work experience in application security or information security of at least 7 years
- Exposure to continuous integration pipelines
- Experience with AWS platforms
- Exposure to PCI, HIPAA, NIST or other standards
- Strong desire and ability to learn new technologies
- CSSLP certification
This position is based out of Austin, Baltimore, or San Francisco