Lead Application Security Engineer - Remote

Lead Application Security Engineer - Remote

Apply locations Remote - United States time type Full time posted on Posted Yesterday job requisition id REQ-4316

Join TriumphX!

TriumphX, a member of the Triumph Financial portfolio of brands, provides a concentration of technology and project management resources to the members of the Triumph Financial portfolio of brands – TriumphPay, Triumph, and TBK Bank – via a shared service model. We’re looking for top tech and project management talent to analyze, recommend, and build strategic solutions that support Triumph Financial’s mission to become a world-class, market-leading financial and technology company.

Lead Application Security Engineer

In this role, you will lead Cybersecurity and apply technical application security testing expertise to assist in identifying application vulnerabilities. As a Lead Application Security Engineer, we hope you possess a solid understanding of application security assessments, code reviews, penetration testing, and vulnerability management. You'll also be responsible for serving as a subject matter expert in product security architecture, security testing, secure design review, and security engineering.

A Day in the Life:

• Design and implement SDLC practices including code reviews, static/dynamic code analysis, and vulnerability assessments.
• Implement various types of scanning (SAST, DAST, SCA, etc.) into the CI/CD pipelines and ensure results are appropriately surfaced to developers.
• Develop security-related libraries used in the environment.
• Collaborate with developers and conduct regular security assessments.
• Develop security integrations to be used in CI/CD pipeline and for development teams.
• Work with development teams to ensure that application security risks are identified and remediated in a timely manner while maintaining a balance between security & usability.
• Consult and train developers on secure coding practices and ensure development teams are validating for OWASP.
• Triage vulnerabilities from dynamic and static scanning tools with development teams.
• Perform web application penetration testing.
• Implement security strategies to mature the OWASP software assurance maturity model.
• Manage and tune web application firewalls.
• Design and implement technologies to automate security processes.
• Consult on secure architecture, least privileged design, threat mitigations, and security standard methodologies.
• Other duties as assigned.

To Succeed in this role you'll need:

• Bachelor’s Degree in Computer Science or related field is preferred.
• 5+ years of experience in application security, application development, and DevSecOps.
• OSWE, GWAPT, or similar certification is preferred.
• Ability to communicate and present security concepts to technical and non-technical audiences.
• Knowledge with SOX and SOC2 compliance is a plus.
• Knowledge of AWS and Kubernetes or related cloud/container technologies is preferred.
• Experience with identity lifecycle management and federation technologies such as SAML.
• Knowledge of Docker, Kubernetes, Jenkins, and GitHub.
• Extensive knowledge of the OWASP Top 10.

Certification Preferences:

• Preferably, one or more of the following: GWEB, CSSLP, GPEN, or CRISC.

Additional skills you must have:

• Ability to function with moderate supervision.
• Strong interpersonal skills.
• Quality written and oral communication, and presentation skills.
• Critical thinking and problem-solving skills.
• Attention to detail.
• Commitment to operational excellence and continuous process improvement.
• Willingness to expand and apply security knowledge, skills, and abilities to department initiatives.

#LI-BA1

***Remote U.S. excluding the following states: AK, DE, ID, ND, RI, VT, WY***

COMP: 146,600 - 227,000

We offer Medical, Dental, Vision, Paid Time Off, 401k and much more.