Job Description:
This bank is seeking an Application Security Professional to further its Application Security program, which promotes best practices in application development for code hardening and a consistent strategy for firm-wide protection. The candidate will be responsible for executing the Application Security strategy. This includes aligning security requirements with the SDLC process, partnering and consulting with development leads in IT and peers in Technology Information Risk (TIR) regarding information security risks, and providing solutions to minimize those risks so that application security can meet the needs of the firm.

Principal duties include

Ensuring security policy requirements are properly applied to applications throughout the entire development life cycle.
Ensuring business units understand security policy requirements and factor them into their activities.
Create and maintain partnerships across software engineering, application infrastructure and TIR.
Apply a risk-based approach to address issues and vulnerabilities found in both production and pre-production applications.

Requirements

Bachelor's degree or equivalent in Computer Engineering, Computer Science or a related field of study and at least 2 years of progressively responsible experience within the application security space/development background.
Prior experience can include: performing penetration tests, vulnerability assessments and infrastructure security reviews for web applications and their supporting network infrastructure; and performing secure coding review.
Experience with security architecture, digital security methodologies and deployments and threat modeling is a plus
Strong understanding and experience of SDLC methodologies
Demonstrated team-oriented interpersonal skills, positive impactful communications, business partnership, and project management skills.
Ability to collaborate and build positive relationships across multiple stakeholders
Agile thinking and analysis that leads to win-win and innovative solutions for the firm
Knowledge of static code scanning tools such as Fortify, AppScan, Checkmarx, etc.
Knowledge of development tools such as Jira, Maven, Jenkins, TeamCity, Artifactory, etc. is a plus
Familiarity with various industry audit standards including PCI-DSS, SSAE-16 and FFIEC
Ability to prepare and present project ideas to senior management
             
