Position Overview Are you passionate about securing data and applications in a dynamic environment? Join us as a Senior Data and Application Security Engineer and lead the charge in safeguarding our business applications and data across both on-premises and cloud infrastructures. You'll collaborate with developers, stakeholders, and project managers to embed security principles into every stage of the engineering and deployment process. Your expertise will be crucial in developing scripts for custom API integrations and data ETL tools, ensuring robust security measures are in place. About the Role: Secure and Protect: Safeguard business applications and data in compliance with privacy, security, business resiliency, and compliance frameworks. Identity and Access Management: Deploy strong IDAM controls across applications and computing environments. Script Development: Assist with creating and maintaining scripts (e.g., Python, PowerShell) to support custom API integrations and data ETL tools with a security focus. Consultation: Attend technical project meetings and serve as the security consultant to guide secure application development configurations. Remediation: Manage remediation efforts after security assessments to address weaknesses. Stay Updated: Keep abreast of current and proposed security changes impacting regulatory, privacy, and industry best practices. Collaboration: Build relationships with developers, stakeholders, and project managers to incorporate security principles into engineering design and deployments. Testing and Validation: Supervise testing and validation of application security controls across projects. Automation: Simplify automation that integrates security with CI/CD pipelines. Shift Left: Support early incorporation of security throughout the development lifecycle. Communication: Communicate vulnerability results effectively to both technical and non-technical business units. Continuous Learning: Regularly research new tactics, techniques, and procedures (TTPs) and assess risk to implement/validate controls. Compliance Training: Participate in all required compliance training, including Bank Secrecy Act/anti-money laundering training. Other Duties: Perform other duties as assigned. What We’re Looking For: Experience: 5+ years in information technology, information security, or security operations. Education: Bachelor's degree in Cybersecurity or a related field, or equivalent education experience. Required Skills: Technical and analytical expertise in technology design, implementation, and delivery. Experience with agile workflows and CI/CD pipelines. Proficiency in scripting (Python, PowerShell). Knowledge of OWASP, CVSS, MITRE ATT&CK framework, and SDLC. Experience managing data protection platforms and secure application integration. Integrity, curiosity, adaptability, and effective communication. Preferred Skills: Understanding of Elixir programming language. Experience with static and dynamic code scanning tools (Sobelow, SonarQube). Experience maintaining security policies in a Secure Email Gateway (Mimecast, Proofpoint). Experience with web application testing software (Burpsuite). Experience with Varonis and/or Guardium data protection tools. Supervisory Responsibility: N/A Working Environment and Physical Demands: Schedule flexibility to work evenings and weekends as needed. We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity and/or expression, status as a veteran, and basis of disability or any other federal, state, or local protected class. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Salary:
Employment Type: Full-time
Qualifications
[]