Applications Security Engineer (Remote)

Great opportunity within this growing Financial Services organization with over 500 nationwide locations and 7000 employees. This is an employee focused company providing on-site massages, full gym, wellness, yoga as well as a great work / life balance. In this role you will be responsible for the overall quality within the organization including planning, designing, implementing, testing, and reporting metrics for automated testing. Working with teammates you will be responsible for advancing, managing and ensuring the Application Security Analytics best practices and performing validation and testing of web and mobile applications to ensure products meet internal and industry standards.

• Provide and manage application security throughout the SDLC
• Providing subject-matter expertise, review static code analysis findings for vulnerabilities and provide mitigation recommendations to delivery teams,
• Providing subject-matter expertise to assist in the maintenance and enhancement of the security architecture throughout the SDLC,
• Coordinate with IT operations and project delivery teams to ensure strong adherence to secure development lifecycle processes and procedures,
• Perform threat modeling and rapid risk assessments on critical application and architectural changes,
• Coordinate with IT operations and project delivery teams on forensic analysis on breaches and exploits
• Assist in the development of application security and architecture security training materials
• Assist QA automation in the development of security-oriented unit tests

• Strong experience in cybersecurity engineering including experience with secure application architecture
• Strong working knowledge on SAST and DAST tools including SonarQube, ZAP, Burp suite, etc.
• Solid understanding of Data Analytics processes, techniques and systems
• Solid experience performing security testing on web and mobile applications
• Good scripting and/or programming experience
• Experience using secure development frameworks (i.e. MS SDL, OWASL SAMM 2, ASVS, MASVS)
• Good experience working in a DevOps environment
• Solid experience with Windows and Linux systems administration
• Experience with Agile Software Development methodologies including applying security best practices
• Experience with DevOps tools (i.e. Azure pipelines, Jenkins, AWS)
• Experience with containers and serverless technologies
• Working experience in cloud-native application development landscapes (Azure preferred)
• Knowledge on industry standards such as FedRAMP, ISO 27001, OWASP, CWE
• Working knowledge of Python or Bash scripting
• Knowledge of XSS, CRSF, Code Injection, MiTM, and Rainbow Table attacks
• Working knowledge on Oauth2, SAML, OIDC,
• Experience and knowledge of best practices and IT operations in 24X7 environment
• Cyber Security Certifications preferred (CISSP, CSSLP, GCSA, GWEB, etc.)