Investment Bank | Security Engineer

Role DescriptionThis role is part of a team responsible for administering security projects designed to safeguard our information systems. You will focus on working closely with development community to ensure any code being developed follows the prescribed SSDLC process and enterprise policies and act as a subject matter expert who uses expertise to resolve complex problems in consideration of established policies, and guidelines.Role ObjectivesYou will be responsible for managing respective code scanning tools in the stack and day to day operational management of the terface with development and security architecture teams on topics related to application security for example vulnerability remediation, best practices, threat modeling, terface with the vulnerability management team to ensure vulnerabilities identified are reported and validated according to SLA'sDevelopment of KPIs and metrics related to application security risk working closely with the Americas Division Application Security and Testing teamsQualifications and Skills5+ years of experience as a developer with strong focus on Application Security4+ years of experience with Static Application Security Testing (SAST) or Dynamic App Security Testing (DAST)2+ years of experience with container security issues and container technologiesDevelopment background with one or more of programming languages, C#, C++, Java, Python, .NetAbility to read and understand code deficiencies - Required.Strong knowledge of OWASP Top 10 or CWEAbility to write code fixes for stakeholders and create automation scripts to support internal cybersecurity projects.Experience in developing and maturing CICD pipeline w.r.t code quality and detecting vulnerabilities.

Created: 2025-01-16