Application Security Engineer

$153,000 - $196,000/Yr

Sumitomo Mitsui Financial Group - White Plains, NY

posted 4 months ago

Full-time - Mid Level
Remote - White Plains, NY
10,001+ employees
Credit Intermediation and Related Activities

About the position

SMBC Group is a top-tier global financial group with a rich 400-year history, headquartered in Tokyo. The group offers a diverse range of financial services, including banking, leasing, securities, credit cards, and consumer finance, with a presence in nearly 40 countries and over 80,000 employees worldwide. The role of Senior Application Security Engineer is crucial in safeguarding Capital Markets' information systems. This position requires close collaboration with the development community to ensure adherence to the Secure Software Development Lifecycle (SSDLC) process and enterprise policies. The engineer will act as a subject matter expert, leveraging their expertise to resolve complex security issues while adhering to established guidelines and processes. Reporting to the Head of Cyber Security of Capital Markets, the engineer will also have reporting lines into the regional Chief Information Security Officer (CISO) of the Americas Division and the Capital Markets' Chief Operating Officer (COO).

Responsibilities

  • Administer security projects designed to safeguard Capital Markets' information systems.
  • Work closely with the development community to ensure code follows the prescribed SSDLC process and enterprise policies.
  • Act as a subject matter expert to resolve complex problems in accordance with established policies and guidelines.
  • Ensure that all vulnerabilities identified by code scanning are handled in line with organizational policies, and work with developers to fix issues before code release.
  • Manage respective code scanning tools and oversee day-to-day operational management of these tools.
  • Interface with development and security architecture teams on application security topics such as vulnerability remediation and best practices.
  • Collaborate with the vulnerability management team to ensure vulnerabilities are reported and validated according to SLAs.
  • Develop KPIs and metrics related to application security risk in collaboration with the Americas Division Application Security and Testing teams.
  • Publish and present high-level management reports on the state of the Application Security Program within Capital Markets and Nikko entities.
  • Conduct manual testing activities to validate vulnerability or penetration testing findings.

Requirements

  • 7+ years of experience as a developer with a strong focus on Application Security.
  • Development background in one or more programming languages such as C#, C++, Java, Python, or .NET.
  • Ability to read and understand code deficiencies.
  • Ability to write code fixes for stakeholders and create automation scripts for internal cybersecurity projects.
  • Experience in developing and maturing CI/CD pipelines concerning code quality and vulnerability detection.
  • 4+ years of experience with Static Application Security Testing (SAST) or Dynamic Application Security Testing (DAST).
  • 2+ years of experience with container security issues and technologies.
  • Thorough understanding of the components of the Secure Software Development Lifecycle.
  • Strong knowledge of OWASP Top 10 or CWE.
  • Understanding of common software threats and mitigations.
  • Process and detail-oriented with the ability to create detailed process documentation.
  • Experience with Jira/Confluence.

Nice-to-haves

  • Bug Bounty and/or penetration testing experience.

Benefits

  • Competitive salary range between $153,000.00 and $196,000.00 based on qualifications and experience.
  • Annual discretionary incentive award eligibility.
  • Comprehensive benefits portfolio.