Citizens Bank - Johnston, RI

posted about 2 months ago

Full-time - Mid Level
Johnston, RI
Credit Intermediation and Related Activities

About the position

In this role, you will be part of a smart and collaborative team working to identify, interpret, and help drive vulnerability remediation in enterprise applications. You will be responsible for participating in the coordination and presentation of application vulnerability reviews to development, risk, audit, and business teams. This role is technical and will require you to be proficient in the use of state-of-the-art application vulnerability scanning tools and support critical efforts within the environment to improve the application security profile of the organization. You must possess a passion for finding and fixing application vulnerabilities, think analytically, and have the ability to learn fast to hit the ground running with whatever task or event may be thrown at you.

Responsibilities

  • Hands-on use of automated tools and manual testing techniques to identify flaws, weaknesses, vulnerabilities and attack vectors in web applications (SAST, DAST, & IAST).
  • Automating application security solutions across the enterprise.
  • Driving innovative thinking and ideas to enable continuous improvement across Attack Surface Management.
  • Monitoring and responding to Open Source Software weaknesses and exposures.
  • Reviewing and coordinating changes to cyber security policies, procedures, and standards.
  • Self-auditing our application security program in an effort to instill continuous improvement.
  • Guiding development teams in best practices across all stages of the SDLC process.
  • Evangelizing and driving Application Security inside the company.
  • Building a very close working relationship with application development and QA teams.
  • Developing and updating security patterns aligned with security requirements.
  • Creating, producing and maintaining metrics associated with the application security program.

Requirements

  • Knowledge and understanding of the OWASP Top 10.
  • 3 or more years of strong applicable security or development experience.
  • Hands-on experience operating in Agile/DevSecOps-oriented environments.
  • Experience implementing and supporting application security tools in automated build pipelines.
  • Ability to present complex, technical information to a variety of audiences, both technical and non-technical, in written and/or oral formats.
  • Demonstrable experience with application security testing techniques such as white/black box code analysis, fuzzing, penetration testing and code scanning.
  • Experience with automated static (SAST) and dynamic (DAST) tools is a plus.
  • Manual security testing and analysis of web applications, APIs, and mobile applications.
  • Skilled in at least one major scripting or programming language (Python, PowerShell, JavaScript, Go, Java, C/C++).
  • Recall level of knowledge of SDLC principles.
  • Strong presentation and communication skills (written and oral).
  • Threat modeling and/or participation in secure design or architecture reviews is a plus.
  • Application development background is a plus.
  • Good time management skills and the ability to commit and adhere to time-sensitive deliverables.
  • Experience with Jira and ServiceNow for service delivery is preferred.

Nice-to-haves

  • Specific experience with Snyk, Semgrep, or any ASPM platforms preferred.
  • Bachelor's degree preferred.
  • Security related certifications such as OSCP, OSWE, CSSLP, GWAPT, GWEB, CEH preferred.

Benefits

  • Competitive pay
  • Comprehensive medical, dental and vision coverage
  • Retirement benefits
  • Maternity/paternity leave
  • Flexible work arrangements
  • Education reimbursement
  • Wellness programs
  • Paid time off policy exceeds mandatory requirements.