This job is closed
We regret to inform you that the job you were interested in has been closed. Although this specific position is no longer available, we encourage you to continue exploring other opportunities on our job board.
Comerica - Auburn Hills, MI
posted 2 months ago
About the position
The Application Security Engineer at Comerica Bank is responsible for enhancing security within the bank's web application environments. This role involves working with both dynamic and static code analyzers, communicating vulnerabilities to development teams, and coaching them on remediation strategies. The engineer will integrate security tools into development pipelines, conduct threat modeling exercises, and guide aspiring application security professionals. The position requires collaboration with the Penetration Testing team and a proactive approach to identifying and mitigating security threats.
Responsibilities
- Perform integration of static and dynamic code scan output into CI/CD pipeline.
- Review code analysis output and translate findings into actionable items.
- Utilize finding management software to track remediations with development teams.
- Conduct education and resolution training for development and application teams.
- Research emerging threats and the threat landscape.
- Provide forensic cyber event analysis.
- Identify means to reduce cyber-attack effectiveness.
- Look for continuous improvement of detections for operationalization.
- Lead threat modeling workshops to identify vulnerabilities.
- Champion industry standard Threat Modeling frameworks such as STRIDE.
- Update detection tools as new vulnerabilities emerge.
- Stay informed about new vulnerabilities and their implications for Comerica's environment.
- Work closely with Cyber and Technology partners to solve security problems.
- Serve as the escalation point for cyber incidents and application vulnerability research.
- Proactively communicate with application development teams about vulnerabilities and solutions.
- Identify and evaluate projects to enhance threat detection capabilities.
- Provide expert guidance on complex projects to incorporate cyber and fraud detection considerations.
- Participate in industry working and information sharing groups.
- Keep management informed of the status of threats and current incidents through appropriate reporting.
- Actively participate on committees representing Cybersecurity.
- Stay abreast of leading-edge technologies in the application security space.
Requirements
- Bachelor's degree in Computer Science, Mathematics, Information Technology, Big Data, Cyber Security, or equivalent experience.
- 8 years of progressive cyber security technology experience.
- 5 years of experience in application security engineering.
- 2 years of experience with Static Application Security Testing (SAST), preferably Snyk.
- 2 years of experience with Dynamic Application Security Testing (DAST), preferably Rapid7.
- 2 years of web application development or object-oriented programming experience.
- 2 years of experience working with attack vectors in OWASP top 10.
- 1 year of experience in threat modeling.
