Press Tab to Move to Skip to Content Link Select how often (in days) to receive an alert: Houghton Mifflin Harcourt is a global learning company with the mission of changing people's lives by fostering passionate, curious learners. Among the world's largest providers of pre-K-12 education solutions, HMH combines cutting-edge research, editorial excellence, and technological innovation to improve teaching and learning environments and solve complex literacy and education challenges. HMH's interactive, results-driven education solutions are utilized by 50 million students in over 150 countries, and its renowned and awarded novels, non-fiction, children's books, and reference works are enjoyed by readers throughout the world. For more information, visit  http://www.hmhco.com/.  The Information Technology organization is transforming to realize our mission: Become a leader in HMH’s digital transformation, and as a strategic partner, innovate and deliver highest value, competitive advantage solutions across all corporate and business functions. Our ambition is to be a digital leader through innovation and develop and deliver leading edge technology such as robotic process automation and artificial intelligence to solve some of HMH’s greatest operational business challenges. Our professionals will have business relevant skills to connect our HMH partners to technologies that propel the businesses to deliver the greatest value for HMH and our customers. We are building a team of IT professionals with an insatiable appetite to learn, a relentless focus on customer service, a technological curiosity toward future possibilities, and a creativity in solving business challenges with leading technologies. Our team will find ways to work together, create a sense of community where it’s safe to take risks and learn together, develop our careers, and all have an opportunity to work on new technologies. We will work together, learn together and have fun together. As a team, we will lead HMH’s digital transformation. The Opportunity –  Security Staff Engineer The Staff Security Engineer will report to the Director of Information Security Engineering. As a leader in the Information Security organization, this role will lead the task of refining, managing and executing strategic product/application security roadmap that is based on industry standard software security frameworks. You will plan, implement and track key initiatives focused on product / application security strategy, metrics, compliance, policy, developer awareness, training and stakeholder engagement. You should be comfortable communicating security directives to all employees including but not limited to Team Members, Leadership and Executives when required. You will work closely with multiple teams that make up Information Security, Product Management, Engineering, Legal, Risk and Compliance to improve product / application security controls and drive impactful change to the team and its members.  Duties & Responsibilities include: Work closely with Application, Systems and Network engineering teams on the design, development, and operation of secure online services Proficient in analyzing ambiguous problems, compelling communicator with the ability to receive and analyze information, translating security risk to business risk to driving actionable decisions across multiple levels and departments Work on leading application security remediation work, leading the mitigation initiative to accommodate the developer community priority Working knowledge of exploits and attack vectors for vulnerabilities such as SQL injection, XSS, CSRF, session hijacking and other OWASP vulnerabilities. Working knowledge of Identification and Validation of Security vulnerabilities in Application Work on security incident response and forensics investigation activities Work on Network/Application security vulnerability assessment and management Work on regulatory requirements and ability to implement technical aspects and other compliance standards where applicable. Review and monitoring of cloud infrastructure, physical infrastructure, and the full life cycle of security alerts etc. through incident response. Work as an internal advocate to ensure securing data, systems, applications, and networks in accordance with security best practices Perform various IT system support and tasks as needed specific to the areas of security Work independently and efficiently to meet deadlines Stay abreast of latest cyber security threats both internal and external Support and implement controls and visibility to meet third party attestations (SOC2, ISO27001, GDPR, SOX) Qualifications 2+ years of application engineering management experience; 5+ years of application architecture or development experience 3 to 4+ years hands-on experience in application security utilizing SAST, DAST, IAST, RASP and WAF. 3 years with Spring/MVC and Spring filter development and J2EE design patterns and IOC 2+ years scripting or programming experience in Ruby, Python, Shell/BASH scripting, Java, C/C++, C*, Perl, or other languages. 2+ years’ experience with vulnerability Assessment tools, e.g., Nessus, Qualys, etc. 1+ years of experience with SIEM tools such as Splunk, Sumo Logic, etc. 1+ years’ experience in identifying security issues and risks and developing mitigation plans. 2+ years of experience with security infrastructures within cloud environments Proficient experience with common web application attack vectors and related mitigation strategies that translate to controls within the organization Experience within an CIS, NIST or ISO 27001 managed framework. Good understanding of cloud platforms, security, and tools (e.g., PaaS, IasS, SaaS). Knowledge to operate and support AWS shared services components Strong understanding of encryption and authentication technologies Excellent communication (oral and written), interpersonal, organizational, and presentation skills with an ability to represent complex data in executive level graphical reporting dashboards. Highly organized in doing communication with multiple teams with strong organizational skills Experience working with other cloud platform teams and accommodating requirements from those teams (compute, networking, search, store). Experience of working in a collaborative, agile development environment. Familiarity and understanding of modern web application development with good experience in HTML/CSS/ React/AngularJS Knowledge of Servlets/JSP/JDBC/JMS/Hibernate/Servlet filters Knowledge of Webservice technologies including SOAP/REST/JSON/XML/JAX-RS Experience in leading application security remediation work, leading the mitigation initiative to accommodate the developer community priority. Experience in Design, develop, and debug software for externally facing corporate web sites within Web Content Management framework. ABOUT US: Houghton Mifflin Harcourt (NASDAQ:HMHC) is a global learning company dedicated to changing people’s lives by fostering passionate, curious learners. As a leading provider of pre-K–12 education content, services, and cutting-edge technology solutions across a variety of media, HMH enables learning in a changing landscape. HMH is uniquely positioned to create engaging and effective educational content and experiences from early childhood to beyond the classroom. HMH serves more than 50 million students in over 150 countries worldwide, while its award-winning children's books, novels, non-fiction, and reference titles are enjoyed by readers throughout the world. For more information, visit http://careers.hmhco.com Houghton Mifflin Harcourt is committed to a comprehensive policy of Equal Opportunities and we aim to create a workplace which provides for equal opportunities for all employees and potential employees. Job Segment: Web Design, Publishing, Education, Marketing, Creative