Remote Application Security Engineer II

Select how often (in days) to receive an alert:

Data Analysis Incorporated (DAI) is the controlling entity of the O’Neil family of businesses. DAI and its subsidiaries operate in diverse industries worldwide, including global equity markets, health care, financial services, digital news, and insurance. Our global footprint allows our teams to be responsive to customer needs in a timely and efficient manner. We are dedicated to using technology and innovation to bring change and growth to our businesses. We believe in a dynamic workplace, creating engaging, informative products and services that help our customers succeed. Integrity is an essential characteristic for our firms and our associates

The Application Security Engineer II plays a key role within the infrastructure team, working on 30% operational and 70% planned project work. This position requires a more advanced understanding of application security, with an emphasis on running and being responsible for ongoing security programs such as vulnerability management. You will work closely with other teams to ensure a strong security posture by implementing proactive security measures and remediating issues. You will also support and mentor junior engineers while contributing to the development and management of security policies and procedures.

• Lead the execution of security scans on applications and infrastructure, ensuring timely identification of vulnerabilities.
• Take ownership of the vulnerability management program, ensuring continuous monitoring, reporting, and remediation of security risks.
• Run static code analysis tools (e.g., Checkmarx) and collaborate with development teams to address security findings.
• Manage and enhance application security tools and processes, integrating them into CI/CD pipelines and broader infrastructure operations.
• Monitor web technologies, such as REST API services, for security vulnerabilities, and apply mitigations as needed.
• Serve as the point of contact for security incidents, managing detection, response, and post-incident analysis.
• Regularly review and update security policies, standards, and documentation.
• Collaborate with cross-functional teams to ensure security best practices are embedded throughout the software development lifecycle.
• Stay informed about the latest security trends, vulnerabilities, and threats, and apply this knowledge to improve security processes.
• Mentor and support junior engineers (Level 1) in day-to-day security tasks.

• Minimum 3-5 years of experience in application security or related roles.
• Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field (or equivalent work experience).
• Strong experience with vulnerability management tools and processes.In-depth knowledge of web technologies, including REST API services, and related security vulnerabilities.
• Proficient in running static code analysis tools such as Checkmarx or equivalent.
• This role requires working knowledge of Python and C# to read, understand, and provide security guidance on application code. This role will not be expected to write production code, but must be comfortable reading application code, reproducing security issues, and advising developers on secure coding practices, particularly when triaging findings from SAST/DAST tools
• Advanced understanding of security monitoring, incident response, and risk management.
• Strong organizational and multitasking abilities in a fast-paced, dynamic environment.
• Industry certifications such as CISSP, CEH, or similar are preferred

Must be able to perform the essential job duties. Work is performed primarily in an office environment. Typically requires the ability to sit for extended periods of time (66%+ each work day), ability to hear the telephone, ability to enter data on a computer and may also require the ability to lift up to 10 pounds.

Data Analysis Inc is an equal opportunity employer. All aspects of employment including the decision to hire, promote, discipline, or discharge, will be based on merit, competence, performance, and business needs. We do not discriminate on the basis of race, color, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, veteran status, or any other status protected under federal, state, or local law.