Application Security Engineer
Job Description
We are a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. We advise, originate, manage and distribute capital for governments, institutions and individuals. As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values rooted in integrity, excellence and a strong team ethic. We provide you a superior foundation for building a professional career where you can learn, achieve and grow. We embrace integrity, excellence, teamwork and giving back. Our people provide our clients with the finest thinking, products and services to help them achieve even the most challenging goals.
About the Team:
The mission of the Cloud Security & Developer Enablement team is to implement the Firm’s Cybersecurity Strategy by architecting, engineering, deploying and operating technical security controls and capabilities for the Enterprise. This is achieved by a continued focus on architectural rigor, automation, agile delivery and adoption of Cloud and application security control implementations by the development community.
What You’ll Do:
• Be part of a team of engineers implementing specific security policies in the CI/CD security tools, including but not limited to SAST, DAST and SCA applications.
• Work with Development, DevOps and Security teams to identify and develop automated security and compliance capabilities in support of DevOps processes.
• Define the security rules that need to be adhered to at a code level in web and mobile applications written in .NET, Java, React, Python and other languages.
• With your development background and security knowledge, provide security guidance to developers in the form of secure coding standards and guidelines.
• Support security standards, and create templates and patterns to increase the efficiency and adoption of the security program.
• Work with our partners to implement, manage, and optimize security measures within our GitHub repositories to continuously improve code integrity and protect against vulnerabilities.
• Must have: 5+ years software development experience using Python
o Working with APIs, including but not limited to REST
o Unit testing frameworks
o Multi-process and multi-thread architecture
• Must have: 5+ years in Linux, strong Bash scripting skills.
• Good understanding of SQL to extract relevant information for reporting and analysis
• Working knowledge of the Windows environment and simple scripting (DOS batch, etc.)
• Bachelor’s degree with 10+ years of work experience in the IT field
• Ability to process large datasets for reporting and analysis.
• A self-starter, with a strong desire for learning new technologies and applying them to solve problems
• Knowledge of SAST and OSS technologies
• Ability to perform Python code reviews with minimal assistance
• Expertise in monitoring, alerting, reporting and data analysis is desired.
• Experience with application build environments like Jenkins, TeamCity, etc.
• Experience with DevOps container/orchestration tools (Kubernetes, Docker, Puppet, etc.) is a plus
• Experience with evaluation, integration and onboarding of security tools such as DAST, RASP, WAF, vulnerability scanner results, container analyzers, open source scanning, etc., is a plus