Senior Security Engineer Assistant Vice President

Who We are

Charles River Development (CRD) is the FinTech division of State Street. Together with State Street’s Middle and Back-office services, Charles River’s cloud-based Front Office technology forms the foundation of the State Street Alpha Platform, the first front-to-back solution in the industry.

Industry momentum has seen CRD grow over 135% in headcount over the last 5 years, and we continue to grow. As a digital innovation leader, we invest into our solutions, processes, systems, and talent.

CRD / Alpha Platform Engineering organization is innovating and transforming the platform by moving away from monolithic software to utilizing next generation cloud-based technology that leverages Microsoft Azure, Kafka, Snowflake, etc.

Position Summary

Be an integral part of an agile organization and contribute to the security of our products. As a Security Engineer you will be a technical contributor to maintain and enhance the software security program at Charles River Development. The security program encompasses vulnerability identification and tracking, assessment and scoring (via CVSS), vulnerability remediation management, software design review, code review and threat modeling.

You will be part of a team who actively identifies potential security risks and vulnerabilities and continuously improves the overall security posture of the system.

This role involves providing guidance on best practices and assist in training team members on secure coding standards. The role requires a deep understanding of software development, security principles, and latest industry trends with an open mind for innovation.

What you will be responsible for

• Lead and perform security code reviews (automated/manual) and identify implementations that will lead to security vulnerabilities.
• Perform security scans for open-source software, and document findings.
• Conduct manual penetration tests, validate all applicable security controls, and document findings.
• Collaborate with CRD Engineers to develop vulnerability remediation plans and drive implementation.
• Triage and validate vulnerability remediation.
• Identify vulnerabilities in third party libraries using security scan tools.
• Identify security vulnerabilities in the release artifacts and work with engineering and product management to close out open vulnerabilities and approve releases.
• Coach and mentor junior resources on security best practices.
• Identify gaps and optimize existing security processes.
• Champion innovation and lead technical projects.

Education and Preferred Qualifications

• B.S. degree (or foreign education equivalent) in Computer Science, Engineering, Mathematics, Physics, or other technical course of study required.
• A minimum of 7+ years of progressively responsible experience as security engineer, among which at least 2+ years of focus on secure SDLC is required.
• Demonstrated knowledge of common vulnerabilities and corresponding remediation approaches.
• Advanced technical knowledge of techniques, standards and state-of-the art capabilities for identity management, authentication, authorization, Single-Sign-On, applied cryptography, and security vulnerability remediation.
• Strong working experience in security code reviews and vulnerability assessment is required.
• Strong written and verbal communication skills.
• Strong analytical and problem-solving skills.
• Certifications such as CISSP, CISM, SABSA, TOGAF or similar are a plus.