



Tier1 Investment Bank in New York City seeks an Application Security Professional to further its Application Security program, which promotes best practices in application development for code hardening and a consistent strategy for firm-wide protection. The candidate will be responsible for executing the Application Security strategy, including aligning security requirements with the SDLC process, partnering and consulting with development leads in IT and peers in Technology Information Risk (TIR) regarding information security risks, and providing solutions to minimize those risks to ensure application security can meet the needs of the firm.



Principal duties include:



-Ensuring security policy requirements are properly applied to applications throughout the entire development life cycle.



-Ensuring business units understand security policy requirements and factor them into their activities.



-Creating and maintaining partnerships across software engineering, application infrastructure and TIR.



-Applying a risk-based approach to address issues and vulnerabilities found in both production and pre-production applications.



Requirements:



-Bachelor's degree or equivalent in Computer Engineering, Computer Science or a related field of study and at least 2 years of progressively responsible experience within the application security space/development background.



-Prior experience can include: performing penetration tests, vulnerability assessments and infrastructure security reviews for web applications and their supporting network infrastructure; and performing secure coding review.



-Experience with security architecture, digital security methodologies and deployments, and threat modeling is a plus



-Strong understanding of and experience with SDLC methodologies



-Demonstrated team-oriented interpersonal skills, positive impactful communications, business partnership, and project management skills.



-Ability to collaborate and build positive relationships across multiple stakeholders



-Agile thinking and analysis that leads to win-win and innovative solutions for the firm



-Knowledge of static code scanning tools such as Fortify, AppScan, Checkmarx, etc.



-Knowledge of development tools such as Jira, Maven, Jenkins, TeamCity, Artifactory, etc. is a plus



-Familiarity with various industry audit standards including PCI-DSS, SSAE-16 and FFIEC



-Ability to prepare and present project ideas to senior management



