Application Security Engineer

$153,000 - $196,000/Yr

Smbc - White Plains, NY

posted 4 months ago

Full-time - Executive
Remote - White Plains, NY
10,001+ employees

About the position

The Senior Application Security Engineer role at SMBC Group is a critical position within the Cyber Security team, specifically focused on safeguarding the information systems of Capital Markets. This role requires deep collaboration with the development community to ensure that all code adheres to the Secure Software Development Lifecycle (SSDLC) process and complies with enterprise security policies. As a subject matter expert, the Senior Application Security Engineer will leverage their expertise to resolve complex security issues while adhering to established guidelines and processes. Reporting directly to the Head of Cyber Security for Capital Markets, this position also has reporting lines into the regional Chief Information Security Officer (CISO) of the Americas Division and the Chief Operating Officer (COO) of Capital Markets.

In this role, the engineer will be responsible for managing code scanning vulnerabilities in accordance with organizational policies, working closely with developers to ensure that any identified issues are addressed prior to code deployment in production environments. The ideal candidate will possess a robust development background, enabling them to read and interpret code deficiencies across various programming and scripting languages, and effectively communicate these issues and their resolutions to stakeholders.

The Senior Application Security Engineer will engage in several key activities, including operational management of code scanning tools, interfacing with development and security architecture teams on application security topics, and collaborating with the vulnerability management team to ensure timely reporting and validation of identified vulnerabilities. Additionally, the engineer will develop key performance indicators (KPIs) and metrics related to application security risks, and will be responsible for publishing and presenting high-level management reports on the state of the Application Security Program within Capital Markets and Nikko entities. Some manual testing activities may also be required to validate vulnerability or penetration testing findings. The role may necessitate weekend and night work based on project demands and business needs.

Responsibilities

  • Work closely with stakeholders to explain code issues and fixes to the development community.
  • Ensure all projects adhere to the Secure Software Development Lifecycle (SSDLC) process and that all code is scanned and reported, focusing on SAST (static analysis), SCA (software composition analysis of third-party dependencies), and Container Security issues.
  • Manage code scanning tools and oversee day-to-day operational management of these tools.
  • Collaborate with development and security architecture teams on application security topics, including vulnerability remediation and best practices.
  • Interface with the vulnerability management team to ensure vulnerabilities are reported and validated according to service level agreements (SLAs).
  • Develop KPIs and metrics related to application security risk in collaboration with the Americas Division Application Security and Testing teams.
  • Publish and present high-level management reports on the state of the Application Security Program within Capital Markets and Nikko entities.
  • Conduct manual testing activities to validate vulnerability or penetration testing findings.
  • Be available for weekend and night work as needed based on project, support, and business requirements.
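
The responsibilities above amount to one triage loop: normalise findings from the SAST, SCA and container scanners, track each against its remediation SLA, report KPIs on what is open and overdue, and gate production deployments on what is still unresolved. The script below is an added illustration of that loop, not SMBC code or a description of its tooling; the per-severity SLA windows, the finding schema, the fixed reference date and every sample finding are constructed assumptions for the example.

```python
"""SLA tracking, KPI reporting and a deployment gate over scanner findings.

Added example, not SMBC code. The SLA windows, blocking severities, the
finding schema and all sample findings are assumptions made for illustration.
"""
from datetime import datetime, timedelta, timezone

# Hypothetical remediation SLA per severity, in days from first detection.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}

# Severities that must be fixed, or formally risk-accepted, before production.
BLOCKING = {"critical", "high"}

# Fixed reference date so the results below are reproducible.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)


def _d(y, m, day):
    return datetime(y, m, day, tzinfo=timezone.utc)


# Constructed findings in the shape a normalised export from SAST, SCA and
# container scanners might take after de-duplication.
FINDINGS = [
    {"id": "SAST-101", "tool": "sast", "severity": "critical",
     "first_seen": _d(2024, 5, 28), "status": "open"},
    {"id": "SAST-102", "tool": "sast", "severity": "high",
     "first_seen": _d(2024, 4, 20), "status": "open"},
    {"id": "SCA-201", "tool": "sca", "severity": "high",
     "first_seen": _d(2024, 5, 10), "status": "risk_accepted",
     "accepted_until": _d(2024, 7, 1)},
    {"id": "SCA-202", "tool": "sca", "severity": "medium",
     "first_seen": _d(2024, 1, 15), "status": "open"},
    {"id": "CNT-301", "tool": "container", "severity": "low",
     "first_seen": _d(2024, 5, 1), "status": "open"},
    {"id": "CNT-302", "tool": "container", "severity": "high",
     "first_seen": _d(2024, 3, 1), "status": "fixed", "fixed_on": _d(2024, 3, 20)},
]


def sla_deadline(finding):
    """Date by which the finding must be fixed under the assumed SLA."""
    return finding["first_seen"] + timedelta(days=SLA_DAYS[finding["severity"]])


def is_overdue(finding, now=NOW):
    """Only open findings can be overdue; fixed or accepted ones are not."""
    return finding["status"] == "open" and now > sla_deadline(finding)


def acceptance_valid(finding, now=NOW):
    """A risk acceptance counts only while its expiry date has not passed."""
    return (finding["status"] == "risk_accepted"
            and finding.get("accepted_until") is not None
            and now <= finding["accepted_until"])


def kpis(findings, now=NOW):
    """Management-report metrics: open backlog, SLA breaches, fix performance."""
    open_f = [f for f in findings if f["status"] == "open"]
    overdue = [f for f in open_f if is_overdue(f, now)]
    fixed = [f for f in findings if f["status"] == "fixed"]
    fixed_in_sla = [f for f in fixed if f["fixed_on"] <= sla_deadline(f)]
    open_by_sev, overdue_by_tool = {}, {}
    for f in open_f:
        open_by_sev[f["severity"]] = open_by_sev.get(f["severity"], 0) + 1
    for f in overdue:
        overdue_by_tool[f["tool"]] = overdue_by_tool.get(f["tool"], 0) + 1
    mean_age = (sum((now - f["first_seen"]).days for f in open_f) / len(open_f)
                if open_f else 0.0)
    return {
        "open": len(open_f),
        "open_by_severity": open_by_sev,
        "overdue": len(overdue),
        "overdue_ids": sorted(f["id"] for f in overdue),
        "overdue_by_tool": overdue_by_tool,
        "mean_open_age_days": mean_age,
        "fixed_within_sla_pct": (100.0 * len(fixed_in_sla) / len(fixed)) if fixed else None,
    }


def deployment_gate(findings, now=NOW):
    """Return (allowed, reasons). Blocks on any open blocking-severity finding
    and on any blocking-severity finding whose risk acceptance has expired."""
    reasons = []
    for f in findings:
        if f["severity"] not in BLOCKING:
            continue
        if f["status"] == "open":
            flag = " [OVERDUE]" if is_overdue(f, now) else ""
            reasons.append(f"{f['id']}: open {f['severity']} from {f['tool']}{flag}")
        elif f["status"] == "risk_accepted" and not acceptance_valid(f, now):
            reasons.append(f"{f['id']}: risk acceptance expired")
    return (not reasons, reasons)


if __name__ == "__main__":
    for k, v in kpis(FINDINGS).items():
        print(f"{k}: {v}")
    allowed, why = deployment_gate(FINDINGS)
    print("deploy allowed:", allowed)
    for r in why:
        print("  -", r)
```

The gate deliberately does not wait for a blocking finding to become overdue: the page's stated policy is that identified issues are addressed before production, so an open critical or high finding blocks on day one, and the SLA clock only drives the overdue KPI and the escalation to the vulnerability management team. Risk acceptances carry an expiry so that an accepted dependency CVE resurfaces as a blocker instead of being forgotten.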

Requirements

  • 7+ years of experience as a developer with a strong focus on Application Security.
  • Development experience in one or more languages or platforms such as C#, C++, Java, Python, or .NET.
  • Ability to read and understand code deficiencies is required.
  • Proficient in writing code fixes for stakeholders and creating automation scripts to support internal cybersecurity projects.
  • Experience in developing and maturing CI/CD pipelines with respect to code quality and vulnerability detection.
  • 4+ years of experience with Static Application Security Testing (SAST) or Dynamic Application Security Testing (DAST).
  • 2+ years of experience with container security issues and container technologies.
  • Thorough understanding of the components of the Secure Software Development Lifecycle.
  • Strong knowledge of OWASP Top 10 or CWE.
  • Understanding of common software threats and their mitigations.
  • Detail-oriented with the ability to create comprehensive process documentation.
  • Experience with Jira and Confluence.

Nice-to-haves

  • Bug Bounty and/or penetration testing experience.

Benefits

  • Competitive salary range between $153,000.00 and $196,000.00 based on qualifications and experience.
  • Annual discretionary incentive award eligibility.
  • Comprehensive benefits portfolio including health insurance, retirement plans, and more.
© 2024 Teal Labs, Inc