Application Security Engineer

• Business group: Application Security – deploying application security vulnerability testing tools used by the Bank for vulnerability testing; currently doing modernization projects updating portfolio for static, dynamic, and mobile testing.
• Project: The resource will play a key role in deploying components of the strategic solution for the Application Security space and providing integration support. The role may involve working on several initiatives. The project is in the development stage, having completed ideation and high-level design, now moving into detailed deployment and development phases.

• Solution Integration: Design and implement integrations between SaaS vendors and bank infrastructure to enable single sign-on, least-privilege access, logging, and auditing.
• CI/CD: Support the integration of CI/CD pipelines with the SaaS vendor solutions.
• Monitoring and Logging: Set up and manage monitoring, logging, and alerting systems using tools like Dynatrace, Zabbix, or similar.
• Cloud Management: Assess and implement best practices for configuring cloud SaaS solutions.
• Collaboration: Work closely with development, operations, and security teams to identify issues, perform threat risk assessments, and improve processes.
• Security: Implement security best practices and ensure compliance to protect system and data integrity and confidentiality.
• Performance Optimization: Analyze system performance and implement improvements to enhance efficiency, reduce latency, and optimize resources.
• Disaster Recovery: Design and implement disaster recovery plans to ensure business continuity and data integrity.

• 10+ years of enterprise IT experience
• 5+ years of experience as a Software, Security, Integration, or DevOps Engineer
• Expert-level development experience with Python (preferred), Java, or Bash, with the ability to mentor, review code, and follow best practices
• 5+ years of experience with Agile methodologies and SDLC
• Experience with CI/CD pipelines and automation tools like Jenkins

• Experience with cloud solutions and containerization, especially GCP (preferred), AWS, Azure
• Experience with security testing tools (SAST, SCA, DAST)
• Knowledge of security connectivity practices (MTLS, SAML, OAuth, IP whitelisting)
• Cybersecurity experience
• Experience in large, highly matrixed enterprise organizations

• Bachelor's degree in a technical field such as computer science

The ideal candidate can work independently with stakeholders to implement and update solutions from design, demonstrate initiative, and be a strong problem solver and strategic thinker. Experience with vulnerability and security testing tools (SAST, SCA, DAST) is crucial, especially if they have used these tools themselves. The candidate should be a strong, independent developer with programming and automation expertise.