Who We AreJoin a team that puts its People First! Since 1889, First American (NYSE: FAF) has held an unwavering belief in its people. They are passionate about what they do, and we are equally passionate about fostering an environment where all feel welcome, supported, and empowered to be innovative and reach their full potential. Our inclusive, people-first culture has earned our company numerous accolades, including being named to the Fortune 100 Best Companies to Work For list for eight consecutive years. We have also earned awards as a best place to work for women, diversity and LGBTQ+ employees, and have been included on more than 50 regional best places to work lists. First American will always strive to be a great place to work, for all. For more information, please visit www.careers.firstam.com. What We Do As an Application Security Lead, you will be a key member of the Information Security group, leading a team responsible for our overall secure Software Development Life Cycle (SDLC) program. The successful candidate will be responsible for defining application security requirements and ensuring the delivery of secure applications and solutions. The Application Security program is designed to ensure that any software developed by our engineers meets our overall security goals to protect our data. The successful candidate will exhibit the skills of an experienced leader, with a disciplined approach to process. You will work with a group tasked with coordinating across many functional teams to ensure that our applications stay at the highest security level. In a dynamic rapidly growing organization, you will be required to be innovative and collaborative to be successful. Candidate must be comfortable working and communicating with executives and can work at a deep technical level with engineers. What You'll Do: Conduct comprehensive security assessments of applications, systems, and networks to identify vulnerabilities, assess risks, and provide recommendations for enhancement. Collaborate closely with development and operations teams to integrate robust security practices into the software development lifecycle (SDLC) while ensuring compliance with stringent security requirements. Provides consultative leadership and implementation guidance for application teams in the areas of vulnerability remediation and mitigation. Develop and enforce secure coding practices, offering guidance to developers on coding best practices, security standards, and effective vulnerability remediation. Stay abreast of the latest threats, vulnerabilities, and industry best practices in application security. Proactively identify and mitigate potential risks. Monitor, investigate, and respond to security incidents, conducting in-depth root cause analyses, and be consulted on implementing corrective measures to prevent recurrence. Execute security testing, encompassing vulnerability scanning, penetration testing, and code review, to pinpoint and address security weaknesses. Collaborate with cross-functional teams to undertake threat modeling, risk assessments, and security architecture reviews for new applications and systems. Researches, identifies, and documents best practice methods and emerging technologies, evaluating applicability and feasibility to support key business processes and requirements. Manages optimal enterprise application security processes, standards, and technologies. Define, collect, and communicate application vulnerability metrics across all levels of the organization, utilizing the metrics to aid in analyzing the likelihood of emerging threats impacting the organization and identifying the weaknesses that could be potentially exploited Be consulted on incident response efforts, including the investigation, mitigation, and resolution of security incidents. What You'll Bring A Bachelor's degree in Computer Science, Information Security, or a related