Product Security and Privacy Engineer
About EAB
At EAB, our mission is to make education smarter and our communities stronger. We work with more than 2,800 institutions to drive transformative change through data-driven insights and best-in-class capabilities. From kindergarten to college to career, EAB partners with leaders and practitioners to accelerate progress and drive results across enrollment, student success, institutional strategy, data analytics, and advancement. We work with each partner differently, tailoring our portfolio of research, technology, and marketing and enrollment solutions to meet the unique needs of every leadership team, as well as the students and employees they serve.
At EAB, we serve not only our partner institutions but each other—that's why we are always working to make sure our employees love their jobs and are invested in their communities. See how we've been recognized for this dedication to our employees by checking out our recent awards.
For more information, visit our Careers page.
The Role in Brief:
Product Security and Privacy Engineer
EAB develops applications that serve the education industry. The Product Security Engineer will have wide-ranging responsibilities dedicated to the security of these EAB products by securing applications, API endpoints, CI/CD pipelines, AWS and on-premises infrastructure, as well as understanding privacy law and ensuring regulatory compliance. This is an excellent opportunity to work in a variety of Infosec roles while contributing to a dynamic DevOps environment with continually evolving software products.
This hire may be based in Washington, DC or Richmond, VA; the position is also open to remote employment within the continental United States.
Primary Responsibilities:
Security assessments of cloud and on-premises networks, software, mobile and web applications, API endpoints, and AI-enabled applications
Penetration testing of EAB networks and applications
Secure code review
Conduct end-to-end architecture evaluations
Threat Modeling exercises
Manage and troubleshoot automated security tooling in a DevOps environment
Work with software developers through the SDLC, identifying and explaining software vulnerabilities and remediation
Continuously adapt to DevOps and CloudOps culture and work cycles
Develop new integrations and workflows to improve how developers interact with security tools (Wiz, Veracode) and drive more effective remediation
Help the Infosec team develop new standards, processes, and guidelines to mature service offerings and support EAB engineering teams
Assist in developing processes to comply with applicable privacy laws
Conduct cookie scans and create banners for EAB websites and marketing campaigns
Analyze pixels, scripts, and GTM Tags for security and privacy risks
Maintain and improve documentation of risk and remediation tracking
Respond to requests for information and analysis from the Infosec team
Analyze and respond to requests for Infosec security exceptions and approvals
Provide security recommendations and guidance to product developers and IT teams
Participate in and continuously improve the risk management program
Further duties as necessary to meet security and privacy needs
Ability to travel to the corporate office in Washington, DC and/or Richmond, VA as directed
Basic Qualifications:
1+ year of direct experience
Have a deep understanding of web app functionality and potential security flaws
Ability to explain OWASP Top Ten lists and map them to real-world application flaws
Understanding of Artificial Intelligence (AI) risks, mitigations, and ethics
History of working as part of the SDLC in a DevOps environment
Work in a cloud environment and have familiarity with Infrastructure-as-code
Security Tooling Experience (direct experience with these or similar tools):
Burp Suite, ZAP
Any tools available in the Kali Linux toolset
Code analysis tools (Veracode, Snyk, etc.)
AWS tooling
CSPM tools (Wiz, Orca, etc.)
Vulnerability management scanners (Nessus, Rapid7, etc.)
OneTrust cookie compliance and DSAR automation
Understanding and applying privacy laws such as GDPR and CCPA
Compliance with frameworks such as NIST 800-171
SOC2 compliance and auditing
Software development experience in Python, Ruby, Java, or other common
Experience with at least one development project (enterprise, personal, open source, etc.) from inception to release
Ideal Qualifications:
Bachelor’s degree in Computer Science, Software Engineering, or a related field
Commitment to embracing a continual learning environment and contributing to a dynamic and welcoming culture of fairness, authenticity, and belonging in support of EAB’s mission, values, and aspiration.
If you’ve reached this section of the job description and are unsure of whether to apply, please do! At EAB, we welcome new perspectives and learn from each other’s unique experiences. We would encourage you to submit an application if this is a role you would be passionate about doing every day.
Compensation:
The anticipated starting salary (base) range for this role is $85,500 - $114,000 per year. Actual salary varies due to factors that may include but not be limited to relevant experience, skills, and location. At EAB, it is not typical for an individual to be hired at or near the top of the starting salary range for their role.
This hire will additionally be eligible for discretionary bonus or incentive compensation. Variable compensation may depend on various factors, such as individual and organizational performance.
Benefits:
Consistent with our belief that our employees are our most valuable resource, EAB offers a competitive and inclusive benefits package. Our benefits currently include:
Medical, dental, and vision insurance plans; dependents and domestic partners eligible
20+ days of PTO annually, in addition to paid firm and floating holidays
Daytime leave policy for community service and flextime for fitness activities (up to 10 hours per month each)
401(k) retirement savings plan with annual discretionary company matching contribution
Health savings account, healthcare and dependent care flexible spending account, and pre-tax commuter plans
Employee assistance program with counseling services and resources available to all employees and immediate family
Wellness programs including gym discounts, incentives to promote healthy living, and family access to the leading app for sleep, meditation, and relaxation
Fertility treatment coverage and adoption or surrogacy assistance
Paid parental leave with phase back to work program for birthing and non-birthing parents
Access to milk shipping service to support nursing employees during business travel
Discounted pet health insurance coverage for dog and cat family members
Company-provided life, AD&D, and insurance
Financial wellness resources and membership in a robust employee discount program
Access to employee resource groups, merit-based advancement, and dynamic professional growth opportunities
Benefits kick in day one; learn more at eab.com/careers/benefits.
This opening is not eligible for visa sponsorship at this time; EAB will thus consider candidates who possess U.S. work authorization that does not require employment-based visa sponsorship now or in the future.
At EAB, we believe that to fulfill our mission to “make education smarter and our communities stronger” we need team members who bring a of perspectives to the table and are committed to fostering a workplace where each team member is valued, respected and heard.
To that end, EAB is an Equal Opportunity Employer, and we make employment decisions on the basis of qualifications, merit and business need. We don’t discriminate on the basis of , , , , or expression, , , non-disqualifying physical or mental , , veteran status or any other basis covered by appropriate law.
- Location: Washington, DC, United States
- Category: Engineering