Application Security Engineer

Job Description: About Us We are a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. We advise, originate, manage and distribute capital for governments, institutions and individuals. As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values rooted in integrity, excellence and strong team ethic. We provide you a superior foundation for building a professional career where you can learn, achieve and grow. We embrace integrity, excellence, teamwork and giving back. About the Team The mission of the Cloud Security & Developer Enablement team is to implement the Firm’s Cybersecurity Strategy by architecting, engineering, deploying and operating technical security controls and capabilities for the Enterprise. This is achieved by continued focus on architectural rigor, automation, agile delivery and adoption of Cloud and application security control implementations by development community. Responsibilities As part of this team, you will: Implement specific security policies in the CI/CD security tools including but not limited to SAST, DAST and SCA applications. Work with Development, DevOps and Security teams to identify and develop automated security and compliance capabilities in support of DevOps processes. Define the security rules that need to be adhered to at a code level in web and mobile applications written in .NET, Java, React, Python and other languages. Provide security guidance to developers in the form of secure coding standards and guidelines. Support security standards, create templates and patterns to increase the efficiency and adoption of security program. Work with our partners to implement, manage, and optimize security measures within our GitHub repositories to continuously improve code integrity and protect against vulnerabilities. Required Skillset 5+ years software development experience using Python Working with APIs, including but not limited to ReST Unit testing frameworks Multi-process and multi-thread architecture 5+ years experience in Linux, strong Bash scripting skills Good understanding of SQL to extract relevant information for reporting and analysis Working knowledge of Windows environment, simple scripting DOS-batch etc. Bachelor’s degree with 10+ years of work experience in the IT field Ability to process large datasets for reporting and analysis Desired Skillset A self-starter, with a strong desire for learning new technologies and applying them to solve problems Knowledge of SAST, OSS technologies Ability to perform Python code reviews with minimal assistance Expertise in monitoring, alerting, reporting, data analysis is desired Experience with application build environments like Jenkins, Teamcity etc. DevOps container/orchestration tools (Kubernetes, Docker, Puppet, etc) is a plus Experience with evaluation, integration and onboarding of security tools such as DAST, RASP, WAF, vulnerability scanner results, container analyzers, open source scanning etc is a plus #J-18808-Ljbffr ALLTECH CONSULTING SVC INC