SMBC - White Plains, NY
posted 4 months ago
The Senior Application Security Engineer role at SMBC Group is a critical position within the Cyber Security team, specifically focused on safeguarding the information systems of Capital Markets. This role requires deep collaboration with the development community to ensure that all code adheres to the Secure Software Development Lifecycle (SSDLC) process and complies with enterprise security policies. As a subject matter expert, the Senior Application Security Engineer will leverage their expertise to resolve complex security issues while adhering to established guidelines and processes. Reporting directly to the Head of Cyber Security for Capital Markets, this position also has reporting lines into the regional Chief Information Security Officer (CISO) of the Americas Division and the Chief Operating Officer (COO) of Capital Markets.
In this role, the engineer will be responsible for managing code scanning vulnerabilities in accordance with organizational policies, working closely with developers to ensure that any identified issues are addressed prior to code deployment in production environments. The ideal candidate will possess a robust development background, enabling them to read and interpret code deficiencies across various programming and scripting languages, and effectively communicate these issues and their resolutions to stakeholders.
The Senior Application Security Engineer will engage in several key activities, including operational management of code scanning tools, interfacing with development and security architecture teams on application security topics, and collaborating with the vulnerability management team to ensure timely reporting and validation of identified vulnerabilities. Additionally, the engineer will develop key performance indicators (KPIs) and metrics related to application security risks, and will be responsible for publishing and presenting high-level management reports on the state of the Application Security Program within Capital Markets and Nikko entities. Some manual testing activities may also be required to validate vulnerability or penetration testing findings. The role may necessitate weekend and night work based on project demands and business needs.