Director - Application Security Engineering: Web Application Firewall (WAF)

FINRA - Rockville, MD

posted 3 months ago

Full-time - Senior
Rockville, MD
Executive, Legislative, and Other General Government Support

About the position

Under general direction from Cyber and Information Security (CIS) Leadership, the Director of Application Security Engineering oversees the Secure Software Development Lifecycle (SSDLC), including all relevant tooling, processes, training and guidance to educate the organization's development community and help drastically minimize the security risks to its applications, data and hosting environment. The Director defines or reviews relevant information security strategies, policies, and standards - most specifically focused on Web Application Firewall (WAF). At FINRA, we infuse innovation into how we work. We use cutting-edge technologies like AI, machine learning, cloud computing, and big data analytics to protect investors and ensure market integrity. As a result of our pioneering work, Computerworld ranked us #2 globally as a Best Place to work in IT among mid-sized companies in 2024. Join our forward-thinking culture and elevate your career. Manage a team focused on delivering high quality security testing, or secure development and operations, results within the Application Security Program. This includes assignment coordination and training of subordinate staff, and backup coverage for next level management. Define, review or promote relevant security strategy, policies, standards, guidelines and procedures. Perform project management and status reporting to leadership on all major initiatives within the purview of the respective team. Create the team roadmap in alignment with organizational needs, any relevant business cases for new capabilities or staff to support the program, and oversee relevant budget planning and maintenance. Oversee the establishment and maintenance of processes and techniques used to identify, validate, and prioritize security risks on FINRA's in-house and proprietary software applications, including both on-premises and AWS cloud-based hosting. Oversee secure software development or security testing for full SDLC from initiation to release for relevant technologies such as Java/J2EE, .NET or Python. Develop and implement strategies to promote consistent use of security controls across the enterprise. Oversee the execution of manual and automated secure software development activities by deploying, configuring, monitoring, or testing security controls, utilizing cyber security tools, to perform service security assessments, integrations, or operations. Identify, evaluate, and recommend new security technologies, techniques, and tools; prepare and deliver professional communications, including security assessment reports, status reports or dashboards and/or training briefings.

Responsibilities

  • Oversee the Secure Software Development Lifecycle (SSDLC) including tooling, processes, training, and guidance.
  • Define or review relevant information security strategies, policies, and standards focused on Web Application Firewall (WAF).
  • Manage a team focused on delivering high quality security testing and secure development results within the Application Security Program.
  • Perform project management and status reporting to leadership on all major initiatives.
  • Create the team roadmap in alignment with organizational needs and oversee relevant budget planning and maintenance.
  • Establish and maintain processes to identify, validate, and prioritize security risks on software applications.
  • Oversee secure software development or security testing for full SDLC from initiation to release.
  • Develop and implement strategies to promote consistent use of security controls across the enterprise.
  • Oversee execution of manual and automated secure software development activities using cyber security tools.
  • Identify, evaluate, and recommend new security technologies, techniques, and tools.

Requirements

  • Bachelor's degree in Computer Science, Information Systems or related discipline with at least seven (7) years of related experience, or equivalent training and/or work experience; Master's degree preferred.
  • Direct experience in securing networks and systems architecture, design and implementation, secure software assurance, intrusion detection, defense and incident response, security configuration management, access controls design and implementation, and security policy and standards development.
  • In-depth knowledge of more than one communications protocol.
  • Experience managing several Cyber Security tools, including Configuration Assessment, Log Aggregation, Integrity Verification, Web Application Security Testing, Network Access Control System, Network Intrusion prevention systems, and Endpoint Security Solutions.
  • Strong written and verbal technical communication skills.
  • Demonstrated ability to develop effective working relationships that improve the quality of work products.
  • Ability to maintain focus and develop proficiency in new skills rapidly.
  • Excellent planning skills.

Nice-to-haves

  • Master's degree in a related field.
  • Past Financial Services industry experience.

Benefits

  • Comprehensive health, dental and vision insurance.
  • Basic life, accidental death and dismemberment, supplemental life, spouse/domestic partner and dependent life insurance.
  • Short- and long-term disability insurance.
  • 401(k) plan with company match and additional FINRA-funded retirement contribution.
  • Tuition reimbursement.
  • 15 days of paid time off, 5 personal days, and 9 sick days (pro-rated in the first year).
  • Two volunteer service days.
  • Paid military leave, jury duty leave, bereavement leave, and childbirth and parental leave.
  • Nine paid holidays.

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service