*Position is bonus eligible* Prestigious Financial Company is currently seeking a Senior DevOps CI/CD Engineer with strong AWS experience. Candidate will provide subject matter expertise for ongoing support of applications deployed to non-production AWS environments and supporting 3rd party applications. Identify root causes and automate solutions in support of development. Candidate will have a deep understanding of DevOps practices, leadership skills, and expertise in various tools and technologies. You will be working in a fast-paced, dynamic environment, using cutting-edge tools and cloud technologies. Manage day to day activities when called upon. Responsibilities: Desing Develop release and support, Cloud Native applications running on Containers Kubernetes and Docker within AWS. DevOps Strategy: Develop and implement DevOps strategies and best practices to enhance development, testing, and deployment processes. Possess in-depth knowledge and hands-on experience with DevOps tools and technologies, including but not limited to GitHub, Jenkins, Terraform, Ansible, Kafka, AWS, Apigee. Support the lower environments for incident and problem management. Resolve complex support issues in non-production environments. Create procedural and troubleshooting documentation related to cloud native applications. Write complex automation scripts using common automation tools, such as yaml, Json, Bash, Groovy, Ansible, Terraform and python, Perform other duties as assigned Qualifications: Excellent problem-solving skills. Ability to work independently. Ability to work with management to prioritize tasks. Demonstrate strong confidence in abilities and knowledge. Ability to work well in crisis situations. Ability to work under minimal supervision. Flexibility to be on call from 5 PM to 7 AM for 3 months per year. Good written and oral communication skills. Technical Skills: Expertise on Kubernetes and Docker, including best practices Expertise in cloud containerization; design, develop and troubleshoot Strong programming or Scripting skills in yaml, Helm Charts, Json, Bash, Groovy, Ansible, Terraform, python or Java. Advance level on Networking technologies CI/CD tools such as Artifactory, Jenkins, and GIT, SonarQube Experience with cloud-based systems such as AWS, Azure, or Google Cloud, including expertise in IaC and CaC; Ansible, Terraform Experience with Kafka infrastructure and processes Understanding of software development methodologies and Agile practices Excellent analytical and problem-solving skills, with the ability to troubleshoot and identify the root cause of issues Good verbal and written communication skills, with the ability to collaborate effectively with cross-functional teams. Familiarity with monitoring and logging tools such Elk stack, Splunk. Familiarity with Technologies used to support microservices. Minimum 7 years experience working in a distributed multi-platform environment. Minimum 3 years experience working with Kubernetes. Minimum 3 years experience working on Scripting or Programming Bachelor's degree in a related area Cloud Certification a plus
01/07/2025
Full time
*Position is bonus eligible* Prestigious Financial Company is currently seeking a Senior DevOps CI/CD Engineer with strong AWS experience. Candidate will provide subject matter expertise for ongoing support of applications deployed to non-production AWS environments and supporting 3rd party applications. Identify root causes and automate solutions in support of development. Candidate will have a deep understanding of DevOps practices, leadership skills, and expertise in various tools and technologies. You will be working in a fast-paced, dynamic environment, using cutting-edge tools and cloud technologies. Manage day to day activities when called upon. Responsibilities: Desing Develop release and support, Cloud Native applications running on Containers Kubernetes and Docker within AWS. DevOps Strategy: Develop and implement DevOps strategies and best practices to enhance development, testing, and deployment processes. Possess in-depth knowledge and hands-on experience with DevOps tools and technologies, including but not limited to GitHub, Jenkins, Terraform, Ansible, Kafka, AWS, Apigee. Support the lower environments for incident and problem management. Resolve complex support issues in non-production environments. Create procedural and troubleshooting documentation related to cloud native applications. Write complex automation scripts using common automation tools, such as yaml, Json, Bash, Groovy, Ansible, Terraform and python, Perform other duties as assigned Qualifications: Excellent problem-solving skills. Ability to work independently. Ability to work with management to prioritize tasks. Demonstrate strong confidence in abilities and knowledge. Ability to work well in crisis situations. Ability to work under minimal supervision. Flexibility to be on call from 5 PM to 7 AM for 3 months per year. Good written and oral communication skills. Technical Skills: Expertise on Kubernetes and Docker, including best practices Expertise in cloud containerization; design, develop and troubleshoot Strong programming or Scripting skills in yaml, Helm Charts, Json, Bash, Groovy, Ansible, Terraform, python or Java. Advance level on Networking technologies CI/CD tools such as Artifactory, Jenkins, and GIT, SonarQube Experience with cloud-based systems such as AWS, Azure, or Google Cloud, including expertise in IaC and CaC; Ansible, Terraform Experience with Kafka infrastructure and processes Understanding of software development methodologies and Agile practices Excellent analytical and problem-solving skills, with the ability to troubleshoot and identify the root cause of issues Good verbal and written communication skills, with the ability to collaborate effectively with cross-functional teams. Familiarity with monitoring and logging tools such Elk stack, Splunk. Familiarity with Technologies used to support microservices. Minimum 7 years experience working in a distributed multi-platform environment. Minimum 3 years experience working with Kubernetes. Minimum 3 years experience working on Scripting or Programming Bachelor's degree in a related area Cloud Certification a plus
Request Technology - Craig Johnson
Chicago, Illinois
*Position is bonus eligible* Prestigious Financial Company is currently seeking a Senior DevOps CI/CD Engineer with strong AWS experience. Candidate will provide subject matter expertise for ongoing support of applications deployed to non-production AWS environments and supporting 3rd party applications. Identify root causes and automate solutions in support of development. Candidate will have a deep understanding of DevOps practices, leadership skills, and expertise in various tools and technologies. You will be working in a fast-paced, dynamic environment, using cutting-edge tools and cloud technologies. Manage day to day activities when called upon. Responsibilities: Desing Develop release and support, Cloud Native applications running on Containers Kubernetes and Docker within AWS. DevOps Strategy: Develop and implement DevOps strategies and best practices to enhance development, testing, and deployment processes. Possess in-depth knowledge and hands-on experience with DevOps tools and technologies, including but not limited to GitHub, Jenkins, Terraform, Ansible, Kafka, AWS, Apigee. Support the lower environments for incident and problem management. Resolve complex support issues in non-production environments. Create procedural and troubleshooting documentation related to cloud native applications. Write complex automation scripts using common automation tools, such as yaml, Json, Bash, Groovy, Ansible, Terraform and python, Perform other duties as assigned Qualifications: Excellent problem-solving skills. Ability to work independently. Ability to work with management to prioritize tasks. Demonstrate strong confidence in abilities and knowledge. Ability to work well in crisis situations. Ability to work under minimal supervision. Flexibility to be on call from 5 PM to 7 AM for 3 months per year. Good written and oral communication skills. Technical Skills: Expertise on Kubernetes and Docker, including best practices Expertise in cloud containerization; design, develop and troubleshoot Strong programming or Scripting skills in yaml, Helm Charts, Json, Bash, Groovy, Ansible, Terraform, python or Java. Advance level on Networking technologies CI/CD tools such as Artifactory, Jenkins, and GIT, SonarQube Experience with cloud-based systems such as AWS, Azure, or Google Cloud, including expertise in IaC and CaC; Ansible, Terraform Experience with Kafka infrastructure and processes Understanding of software development methodologies and Agile practices Excellent analytical and problem-solving skills, with the ability to troubleshoot and identify the root cause of issues Good verbal and written communication skills, with the ability to collaborate effectively with cross-functional teams. Familiarity with monitoring and logging tools such Elk stack, Splunk. Familiarity with Technologies used to support microservices. Minimum 7 years experience working in a distributed multi-platform environment. Minimum 3 years experience working with Kubernetes. Minimum 3 years experience working on Scripting or Programming Bachelor's degree in a related area Cloud Certification a plus
01/07/2025
Full time
*Position is bonus eligible* Prestigious Financial Company is currently seeking a Senior DevOps CI/CD Engineer with strong AWS experience. Candidate will provide subject matter expertise for ongoing support of applications deployed to non-production AWS environments and supporting 3rd party applications. Identify root causes and automate solutions in support of development. Candidate will have a deep understanding of DevOps practices, leadership skills, and expertise in various tools and technologies. You will be working in a fast-paced, dynamic environment, using cutting-edge tools and cloud technologies. Manage day to day activities when called upon. Responsibilities: Desing Develop release and support, Cloud Native applications running on Containers Kubernetes and Docker within AWS. DevOps Strategy: Develop and implement DevOps strategies and best practices to enhance development, testing, and deployment processes. Possess in-depth knowledge and hands-on experience with DevOps tools and technologies, including but not limited to GitHub, Jenkins, Terraform, Ansible, Kafka, AWS, Apigee. Support the lower environments for incident and problem management. Resolve complex support issues in non-production environments. Create procedural and troubleshooting documentation related to cloud native applications. Write complex automation scripts using common automation tools, such as yaml, Json, Bash, Groovy, Ansible, Terraform and python, Perform other duties as assigned Qualifications: Excellent problem-solving skills. Ability to work independently. Ability to work with management to prioritize tasks. Demonstrate strong confidence in abilities and knowledge. Ability to work well in crisis situations. Ability to work under minimal supervision. Flexibility to be on call from 5 PM to 7 AM for 3 months per year. Good written and oral communication skills. Technical Skills: Expertise on Kubernetes and Docker, including best practices Expertise in cloud containerization; design, develop and troubleshoot Strong programming or Scripting skills in yaml, Helm Charts, Json, Bash, Groovy, Ansible, Terraform, python or Java. Advance level on Networking technologies CI/CD tools such as Artifactory, Jenkins, and GIT, SonarQube Experience with cloud-based systems such as AWS, Azure, or Google Cloud, including expertise in IaC and CaC; Ansible, Terraform Experience with Kafka infrastructure and processes Understanding of software development methodologies and Agile practices Excellent analytical and problem-solving skills, with the ability to troubleshoot and identify the root cause of issues Good verbal and written communication skills, with the ability to collaborate effectively with cross-functional teams. Familiarity with monitoring and logging tools such Elk stack, Splunk. Familiarity with Technologies used to support microservices. Minimum 7 years experience working in a distributed multi-platform environment. Minimum 3 years experience working with Kubernetes. Minimum 3 years experience working on Scripting or Programming Bachelor's degree in a related area Cloud Certification a plus
Request Technology - Craig Johnson
Chicago, Illinois
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Financial Institution is currently seeking a strong Application Security Engineer. Candidate will work closely with other members of the Security Services, IT Development Teams, and Development teams to support application and software security initiatives, projects, and operations. Responsibilities: Application Security/Secure SDLC Build and optimize our security tooling stack, including SAST, DAST, SCA, and IaC. Implement DevSecOps principles and integrate tools into CI/CD pipelines and developer workflows. Define and improve secure SDLC processes designing and implementing a developer friendly secure SDLC framework tailored to the delivery model. Automate security checks in CI/CD pipelines and developer tools to ensure continuous visibility and successful delivery. Build out process for threat modelling and secure design review process. Implement security for supply chain security, AI/ML application security, Open source etc. Review reports of the testing and conduct security risk assessments of the vulnerabilities. The use and maintenance of cloud and self-managed security scanning tools, manual source code reviews, and manual penetration assessments. Conduct IT/Security code review meetings to eliminate false positives and encourage collaboration between Security and IT development teams. Assist with application security vulnerability management including implementation of new vulnerability management tools. Debrief users and provide remediation strategy on findings. Ensure alignment of security controls in testing program and supporting services and related policies and procedures with applicable regulations and industry standard best practices. Perform ongoing reviews of application releases to ensure only secure and reviewed code is pushed to prod, with automation tasks as necessary. Develop scripts/automation to assist development teams with interpreting results from pipeline vulnerability verification reports to facilitate vulnerability remediation. Qualifications: Experience with CI/CD pipelines and software development/coding: Docker, Jenkins, GitHub, SVN, Terraform, and others. Exceptional analytical, problem solving and troubleshooting skills with the ability to exercise good judgment while developing creative solutions. Strong familiarity with enterprise technologies; strong technical background and understanding of security-related technologies; prefer operational experience as an administrator, engineer, or developer and direct experience testing in commercial cloud environments (AWS, Azure, Google Cloud Platform, IaaS/PaaS/SaaS). Good applicable knowledge of policy and procedure development, systems analysis, Information Assurance (IA) policy, vulnerability management, and risk management Good understanding of regulatory standards including CSF, NIST, PCI, SSAE 16, SAS 70, HIPPA, FIPS 199, COBIT 5 and others as needed. Strong knowledge of cryptography (symmetric, asymmetric, hashing) and its various applications. Strong knowledge of common enterprise infrastructure technology stacks and network configurations. Exhibit ability to understand and modify code in a diverse range of programming languages and frameworks; must have direct practical experience with one or more high level programming languages. Technical Skills: Deep knowledge of common web, API and cloud vulnerabilities (eg OWASP Top 10, CWE, auth flaws etc.). Deep understanding of vulnerabilities, reachability, exploitability and how they affect applications. Familiarity with secure coding principles across multiple languages (eg python, Java, JavaScript etc.). Knowledge of how security fits into platform engineering and cloud native stacks. Deep understanding of application layer attacks and defense mechanisms (CCS, CSRF, SQLi, XXE, SSRF, broken access control etc.). Familiarity with API security (REST & GraphQL), Postman, OOWASP top 10). Proficiency with artifact repositories and implementing security controls around component ingestion. Knowledge of shift-left strategies and embedding controls early in the development life cycle. Familiarity with Kubernetes security, container scanning and cloud infrastructure as code. Ability to triage and prioritize vulnerabilities based on exploitability, impact and business context. Strong proficiency application security and vulnerability management. Strong experience with custom Scripting (python, C++, PowerShell, bash, etc.) and process automation. Some proficiency with common penetration testing tools (Kali, Armitage, Metasploit, Cobalt Strike, Nmap, Qualys, Nessus, Burp Suite, Wireshark etc.). Experience with Mainframes, Windows, Unix, MacOS, Cisco, platforms and controls. Experience with dedicated document management tools (eg, DMS, PolicyTech) a plus. Familiarity with application frameworks and their built-in security services and API s (ie, Sun J2EE, MS .NET, OMG CORBA, Spring, etc.). Knowledge of security architecture design and principles including confidentiality, integrity and availability. Knowledge of automated code scanning tools and development pipeline tools. Understanding of security concepts and practices, including those for authentication, authorization, access control and auditing as well as best practices (eg OWASP). Familiarity with application authentication and authorization systems (ie, CA SiteMinder, RSA SecurID/ACE, Active Directory, and LDAP). Fundamental understanding of network and data communications technologies Knowledge of (AWS, Azure, Google Cloud Platform) Cloud security concepts, best practices, and environments. Knowledge of Secure DevOps concepts. Education and/or Experience: BS in Computer Science, Information Management, Information Security or other comparable technical degree from an accredited college/university desired. 5+ Years experience in Application Security or Information Security environment. Experience writing scripts and working with containers in a CI/CD pipeline. Exposure to security architecture design through application development or knowledge of security concepts/best practices. Certificates or Licenses: Security-related certifications (CISSP, CISA, CRISK, ISSAP, GSLC, OSCP, OSCE, GPEN, or GXPN, etc.) highly desired. Professional network and/or security certifications a plus (ie, GIAC, CISSP, CISA, CISM, CRISC) Cloud security automation certifications a plus (ie GCSA) Penetration testing certifications a plus (ie OSCP, GWAPT)
01/07/2025
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Financial Institution is currently seeking a strong Application Security Engineer. Candidate will work closely with other members of the Security Services, IT Development Teams, and Development teams to support application and software security initiatives, projects, and operations. Responsibilities: Application Security/Secure SDLC Build and optimize our security tooling stack, including SAST, DAST, SCA, and IaC. Implement DevSecOps principles and integrate tools into CI/CD pipelines and developer workflows. Define and improve secure SDLC processes designing and implementing a developer friendly secure SDLC framework tailored to the delivery model. Automate security checks in CI/CD pipelines and developer tools to ensure continuous visibility and successful delivery. Build out process for threat modelling and secure design review process. Implement security for supply chain security, AI/ML application security, Open source etc. Review reports of the testing and conduct security risk assessments of the vulnerabilities. The use and maintenance of cloud and self-managed security scanning tools, manual source code reviews, and manual penetration assessments. Conduct IT/Security code review meetings to eliminate false positives and encourage collaboration between Security and IT development teams. Assist with application security vulnerability management including implementation of new vulnerability management tools. Debrief users and provide remediation strategy on findings. Ensure alignment of security controls in testing program and supporting services and related policies and procedures with applicable regulations and industry standard best practices. Perform ongoing reviews of application releases to ensure only secure and reviewed code is pushed to prod, with automation tasks as necessary. Develop scripts/automation to assist development teams with interpreting results from pipeline vulnerability verification reports to facilitate vulnerability remediation. Qualifications: Experience with CI/CD pipelines and software development/coding: Docker, Jenkins, GitHub, SVN, Terraform, and others. Exceptional analytical, problem solving and troubleshooting skills with the ability to exercise good judgment while developing creative solutions. Strong familiarity with enterprise technologies; strong technical background and understanding of security-related technologies; prefer operational experience as an administrator, engineer, or developer and direct experience testing in commercial cloud environments (AWS, Azure, Google Cloud Platform, IaaS/PaaS/SaaS). Good applicable knowledge of policy and procedure development, systems analysis, Information Assurance (IA) policy, vulnerability management, and risk management Good understanding of regulatory standards including CSF, NIST, PCI, SSAE 16, SAS 70, HIPPA, FIPS 199, COBIT 5 and others as needed. Strong knowledge of cryptography (symmetric, asymmetric, hashing) and its various applications. Strong knowledge of common enterprise infrastructure technology stacks and network configurations. Exhibit ability to understand and modify code in a diverse range of programming languages and frameworks; must have direct practical experience with one or more high level programming languages. Technical Skills: Deep knowledge of common web, API and cloud vulnerabilities (eg OWASP Top 10, CWE, auth flaws etc.). Deep understanding of vulnerabilities, reachability, exploitability and how they affect applications. Familiarity with secure coding principles across multiple languages (eg python, Java, JavaScript etc.). Knowledge of how security fits into platform engineering and cloud native stacks. Deep understanding of application layer attacks and defense mechanisms (CCS, CSRF, SQLi, XXE, SSRF, broken access control etc.). Familiarity with API security (REST & GraphQL), Postman, OOWASP top 10). Proficiency with artifact repositories and implementing security controls around component ingestion. Knowledge of shift-left strategies and embedding controls early in the development life cycle. Familiarity with Kubernetes security, container scanning and cloud infrastructure as code. Ability to triage and prioritize vulnerabilities based on exploitability, impact and business context. Strong proficiency application security and vulnerability management. Strong experience with custom Scripting (python, C++, PowerShell, bash, etc.) and process automation. Some proficiency with common penetration testing tools (Kali, Armitage, Metasploit, Cobalt Strike, Nmap, Qualys, Nessus, Burp Suite, Wireshark etc.). Experience with Mainframes, Windows, Unix, MacOS, Cisco, platforms and controls. Experience with dedicated document management tools (eg, DMS, PolicyTech) a plus. Familiarity with application frameworks and their built-in security services and API s (ie, Sun J2EE, MS .NET, OMG CORBA, Spring, etc.). Knowledge of security architecture design and principles including confidentiality, integrity and availability. Knowledge of automated code scanning tools and development pipeline tools. Understanding of security concepts and practices, including those for authentication, authorization, access control and auditing as well as best practices (eg OWASP). Familiarity with application authentication and authorization systems (ie, CA SiteMinder, RSA SecurID/ACE, Active Directory, and LDAP). Fundamental understanding of network and data communications technologies Knowledge of (AWS, Azure, Google Cloud Platform) Cloud security concepts, best practices, and environments. Knowledge of Secure DevOps concepts. Education and/or Experience: BS in Computer Science, Information Management, Information Security or other comparable technical degree from an accredited college/university desired. 5+ Years experience in Application Security or Information Security environment. Experience writing scripts and working with containers in a CI/CD pipeline. Exposure to security architecture design through application development or knowledge of security concepts/best practices. Certificates or Licenses: Security-related certifications (CISSP, CISA, CRISK, ISSAP, GSLC, OSCP, OSCE, GPEN, or GXPN, etc.) highly desired. Professional network and/or security certifications a plus (ie, GIAC, CISSP, CISA, CISM, CRISC) Cloud security automation certifications a plus (ie GCSA) Penetration testing certifications a plus (ie OSCP, GWAPT)
NO SPONSORSHIP Associate Principal, Security Engineering (Application Security) SALARY: $160k - $170k plus 15% bonus LOCATION: DALLAS, TX On site 3 days a week Application security, web applications, network applications. This position works closely with other members of the Security Services, IT Development Teams, and Development teams to support application and software security initiatives, projects, and operations. Responsibilities include: Candidate would perform Network/Application and Web Application security. Also create custom scripts and perform automation while also perform security assessments on both Legacy on prem and cloud environments. Candidate would also Identify, document and communicate vulnerabilities. Primary Duties and Responsibilities: Application Security/Secure SDLC Build and optimize our security tooling stack, including SAST, DAST, SCA, and IaC. Implement DevSecOps principles and integrate tools into CI/CD pipelines and developer workflows. Define and improve secure SDLC processes - designing and implementing a developer friendly secure SDLC framework tailored to the delivery model. Automate security checks in CI/CD pipelines and developer tools to ensure continuous visibility and successful delivery. Build out process for threat modelling and secure design review process. Implement security for supply chain security, AI/ML application security, Open source etc. Review reports of the testing and conduct security risk assessments of the vulnerabilities. The use and maintenance of cloud and self-managed security scanning tools, manual source code reviews, and manual penetration assessments. Conduct IT/Security code review meetings to eliminate false positives and encourage collaboration between Security and IT development teams. Assist with application security vulnerability management including implementation of new vulnerability management tools. Qualifications: The requirements listed are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the primary functions. Experience with CI/CD pipelines and software development/coding: Docker, Jenkins, GitHub, SVN, Terraform, and others. Exceptional analytical, problem solving and troubleshooting skills with the ability to exercise good judgment while developing creative solutions. Strong familiarity with enterprise technologies; strong technical background and understanding of security-related technologies; prefer operational experience as an administrator, engineer, or developer and direct experience testing in commercial cloud environments (AWS, Azure, GCP, IaaS/PaaS/SaaS). Good applicable knowledge of policy and procedure development, systems analysis, Information Assurance (IA) policy, vulnerability management, and risk management Good understanding of regulatory standards including CSF, NIST, PCI, SSAE 16, SAS 70, HIPPA, FIPS 199, COBIT 5 and others as needed. Strong knowledge of cryptography (symmetric, asymmetric, hashing) and its various applications. Strong knowledge of common enterprise infrastructure technology stacks and network configurations. Exhibit ability to understand and modify code in a diverse range of programming languages and frameworks; must have direct practical experience with one or more high level programming languages. Technical Skills: Deep knowledge of common web, API and cloud vulnerabilities (eg OWASP Top 10, CWE, auth flaws etc.). Deep understanding of vulnerabilities, reachability, exploitability and how they affect applications. Familiarity with secure coding principles across multiple languages (eg python, Java, JavaScript etc.). Knowledge of how security fits into platform engineering and cloud native stacks. Deep understanding of application layer attacks and defense mechanisms (CCS, CSRF, SQLi, XXE, SSRF, broken access control etc.). Familiarity with API security (REST & GraphQL), Postman, OOWASP top 10). Proficiency with artifact repositories and implementing security controls around component ingestion. Knowledge of shift-left strategies and embedding controls early in the development life cycle. Familiarity with Kubernetes security, container scanning and cloud infrastructure as code. Ability to triage and prioritize vulnerabilities based on exploitability, impact and business context. Strong proficiency application security and vulnerability management. Strong experience with custom Scripting (python, C++, PowerShell, bash, etc.) and process automation. Some proficiency with common penetration testing tools (Kali, Armitage, Metasploit, Cobalt Strike, Nmap, Qualys, Nessus, Burp Suite, Wireshark etc.). Experience with Mainframes, Windows, Unix, MacOS, Cisco, platforms and controls. Experience with dedicated document management tools (eg, DMS, PolicyTech) a plus. Familiarity with application frameworks and their built-in security services and API's (ie, Sun J2EE, MS .NET, OMG CORBA, Spring, etc.). Knowledge of security architecture design and principles including confidentiality, integrity and availability. Knowledge of automated code scanning tools and development pipeline tools. Understanding of security concepts and practices, including those for authentication, authorization, access control and auditing as well as best practices (eg OWASP). Familiarity with application authentication and authorization systems (ie, CA SiteMinder, RSA SecurID/ACE, Active Directory, and LDAP). Fundamental understanding of network and data communications technologies Knowledge of (AWS, Azure, GCP) Cloud security concepts, best practices, and environments. Knowledge of Secure DevOps concepts. Education and/or Experience: BS in Computer Science, Information Management, Information Security or other comparable technical degree from an accredited college/university desired. 5+ Years' experience in Application Security or Information Security environment. Experience writing scripts and working with containers in a CI/CD pipeline. Exposure to security architecture design through application development or knowledge of security concepts/best practices. Certificates or Licenses: Security-related certifications (CISSP, CISA, CRISK, ISSAP, GSLC, OSCP, OSCE, GPEN, or GXPN, etc.) highly desired. Professional network and/or security certifications a plus (ie, GIAC, CISSP, CISA, CISM, CRISC) Cloud security automation certifications a plus (ie GCSA) Penetration testing certifications a plus (ie OSCP, GWAPT)
01/07/2025
Full time
NO SPONSORSHIP Associate Principal, Security Engineering (Application Security) SALARY: $160k - $170k plus 15% bonus LOCATION: DALLAS, TX On site 3 days a week Application security, web applications, network applications. This position works closely with other members of the Security Services, IT Development Teams, and Development teams to support application and software security initiatives, projects, and operations. Responsibilities include: Candidate would perform Network/Application and Web Application security. Also create custom scripts and perform automation while also perform security assessments on both Legacy on prem and cloud environments. Candidate would also Identify, document and communicate vulnerabilities. Primary Duties and Responsibilities: Application Security/Secure SDLC Build and optimize our security tooling stack, including SAST, DAST, SCA, and IaC. Implement DevSecOps principles and integrate tools into CI/CD pipelines and developer workflows. Define and improve secure SDLC processes - designing and implementing a developer friendly secure SDLC framework tailored to the delivery model. Automate security checks in CI/CD pipelines and developer tools to ensure continuous visibility and successful delivery. Build out process for threat modelling and secure design review process. Implement security for supply chain security, AI/ML application security, Open source etc. Review reports of the testing and conduct security risk assessments of the vulnerabilities. The use and maintenance of cloud and self-managed security scanning tools, manual source code reviews, and manual penetration assessments. Conduct IT/Security code review meetings to eliminate false positives and encourage collaboration between Security and IT development teams. Assist with application security vulnerability management including implementation of new vulnerability management tools. Qualifications: The requirements listed are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the primary functions. Experience with CI/CD pipelines and software development/coding: Docker, Jenkins, GitHub, SVN, Terraform, and others. Exceptional analytical, problem solving and troubleshooting skills with the ability to exercise good judgment while developing creative solutions. Strong familiarity with enterprise technologies; strong technical background and understanding of security-related technologies; prefer operational experience as an administrator, engineer, or developer and direct experience testing in commercial cloud environments (AWS, Azure, GCP, IaaS/PaaS/SaaS). Good applicable knowledge of policy and procedure development, systems analysis, Information Assurance (IA) policy, vulnerability management, and risk management Good understanding of regulatory standards including CSF, NIST, PCI, SSAE 16, SAS 70, HIPPA, FIPS 199, COBIT 5 and others as needed. Strong knowledge of cryptography (symmetric, asymmetric, hashing) and its various applications. Strong knowledge of common enterprise infrastructure technology stacks and network configurations. Exhibit ability to understand and modify code in a diverse range of programming languages and frameworks; must have direct practical experience with one or more high level programming languages. Technical Skills: Deep knowledge of common web, API and cloud vulnerabilities (eg OWASP Top 10, CWE, auth flaws etc.). Deep understanding of vulnerabilities, reachability, exploitability and how they affect applications. Familiarity with secure coding principles across multiple languages (eg python, Java, JavaScript etc.). Knowledge of how security fits into platform engineering and cloud native stacks. Deep understanding of application layer attacks and defense mechanisms (CCS, CSRF, SQLi, XXE, SSRF, broken access control etc.). Familiarity with API security (REST & GraphQL), Postman, OOWASP top 10). Proficiency with artifact repositories and implementing security controls around component ingestion. Knowledge of shift-left strategies and embedding controls early in the development life cycle. Familiarity with Kubernetes security, container scanning and cloud infrastructure as code. Ability to triage and prioritize vulnerabilities based on exploitability, impact and business context. Strong proficiency application security and vulnerability management. Strong experience with custom Scripting (python, C++, PowerShell, bash, etc.) and process automation. Some proficiency with common penetration testing tools (Kali, Armitage, Metasploit, Cobalt Strike, Nmap, Qualys, Nessus, Burp Suite, Wireshark etc.). Experience with Mainframes, Windows, Unix, MacOS, Cisco, platforms and controls. Experience with dedicated document management tools (eg, DMS, PolicyTech) a plus. Familiarity with application frameworks and their built-in security services and API's (ie, Sun J2EE, MS .NET, OMG CORBA, Spring, etc.). Knowledge of security architecture design and principles including confidentiality, integrity and availability. Knowledge of automated code scanning tools and development pipeline tools. Understanding of security concepts and practices, including those for authentication, authorization, access control and auditing as well as best practices (eg OWASP). Familiarity with application authentication and authorization systems (ie, CA SiteMinder, RSA SecurID/ACE, Active Directory, and LDAP). Fundamental understanding of network and data communications technologies Knowledge of (AWS, Azure, GCP) Cloud security concepts, best practices, and environments. Knowledge of Secure DevOps concepts. Education and/or Experience: BS in Computer Science, Information Management, Information Security or other comparable technical degree from an accredited college/university desired. 5+ Years' experience in Application Security or Information Security environment. Experience writing scripts and working with containers in a CI/CD pipeline. Exposure to security architecture design through application development or knowledge of security concepts/best practices. Certificates or Licenses: Security-related certifications (CISSP, CISA, CRISK, ISSAP, GSLC, OSCP, OSCE, GPEN, or GXPN, etc.) highly desired. Professional network and/or security certifications a plus (ie, GIAC, CISSP, CISA, CISM, CRISC) Cloud security automation certifications a plus (ie GCSA) Penetration testing certifications a plus (ie OSCP, GWAPT)
Software Engineering - DevOps Salary: Open Location: Chicago, IL or Dallas, TX Hybrid: 3 days onsite, 2 days remote *We are unable to provide sponsorship for this role* Qualifications Bachelor's degree 5-7 years of related experience Minimum 5 years' experience working in a distributed multi-platform environment. Minimum 2 years' experience working with Kafka including Kafka MRC Minimum 3 years supporting enterprise monitoring technologies Technical skill set CI/CD tools such as Artifactory, Jenkins, and GIT Cloud native applications Technologies used to support microservices. Experience with cloud-based system AWS including expertise in infrastructure-as-code tools such as Terraform or CloudFormation Strong programming skills in Java or Python Containerization technologies such as Docker or Kubernetes Responsibilities DevOps Strategy: Develop and implement DevOps strategies and best practices to enhance development, testing, and deployment processes. Support the lower environments for incident and problem management. Resolve complex support issues in non-production environments. Understand Cloud Native applications running on Kubernetes within AWS. Write complex automation scripts using common automation tools, such as Groovy, Ansible, and Terraform
01/07/2025
Full time
Software Engineering - DevOps Salary: Open Location: Chicago, IL or Dallas, TX Hybrid: 3 days onsite, 2 days remote *We are unable to provide sponsorship for this role* Qualifications Bachelor's degree 5-7 years of related experience Minimum 5 years' experience working in a distributed multi-platform environment. Minimum 2 years' experience working with Kafka including Kafka MRC Minimum 3 years supporting enterprise monitoring technologies Technical skill set CI/CD tools such as Artifactory, Jenkins, and GIT Cloud native applications Technologies used to support microservices. Experience with cloud-based system AWS including expertise in infrastructure-as-code tools such as Terraform or CloudFormation Strong programming skills in Java or Python Containerization technologies such as Docker or Kubernetes Responsibilities DevOps Strategy: Develop and implement DevOps strategies and best practices to enhance development, testing, and deployment processes. Support the lower environments for incident and problem management. Resolve complex support issues in non-production environments. Understand Cloud Native applications running on Kubernetes within AWS. Write complex automation scripts using common automation tools, such as Groovy, Ansible, and Terraform
Software Engineering - DevOps Salary: Open Location: Chicago, IL or Dallas, TX Hybrid: 3 days onsite, 2 days remote *We are unable to provide sponsorship for this role* Qualifications Bachelor's degree 5-7 years of related experience Minimum 5 years' experience working in a distributed multi-platform environment. Minimum 2 years' experience working with Kafka including Kafka MRC Minimum 3 years supporting enterprise monitoring technologies Technical skill set CI/CD tools such as Artifactory, Jenkins, and GIT Cloud native applications Technologies used to support microservices. Experience with cloud-based system AWS including expertise in infrastructure-as-code tools such as Terraform or CloudFormation Strong programming skills in Java or Python Containerization technologies such as Docker or Kubernetes Responsibilities DevOps Strategy: Develop and implement DevOps strategies and best practices to enhance development, testing, and deployment processes. Support the lower environments for incident and problem management. Resolve complex support issues in non-production environments. Understand Cloud Native applications running on Kubernetes within AWS. Write complex automation scripts using common automation tools, such as Groovy, Ansible, and Terraform
01/07/2025
Full time
Software Engineering - DevOps Salary: Open Location: Chicago, IL or Dallas, TX Hybrid: 3 days onsite, 2 days remote *We are unable to provide sponsorship for this role* Qualifications Bachelor's degree 5-7 years of related experience Minimum 5 years' experience working in a distributed multi-platform environment. Minimum 2 years' experience working with Kafka including Kafka MRC Minimum 3 years supporting enterprise monitoring technologies Technical skill set CI/CD tools such as Artifactory, Jenkins, and GIT Cloud native applications Technologies used to support microservices. Experience with cloud-based system AWS including expertise in infrastructure-as-code tools such as Terraform or CloudFormation Strong programming skills in Java or Python Containerization technologies such as Docker or Kubernetes Responsibilities DevOps Strategy: Develop and implement DevOps strategies and best practices to enhance development, testing, and deployment processes. Support the lower environments for incident and problem management. Resolve complex support issues in non-production environments. Understand Cloud Native applications running on Kubernetes within AWS. Write complex automation scripts using common automation tools, such as Groovy, Ansible, and Terraform
*Hybrid, 3 days onsite, 2 days remote* *We are unable to sponsor as this is a permanent Full time role* A prestigious company is looking for a Director, Java Software Engineering. This Director will lead a software development team working with Java, Python, Flink, Spark, Kafka, big data processing, DevOps tools, data warehousing/management, etc. Responsibilities: Manage, lead, build, and mentor software development team Serve as technical product owner flushing out detailed business, architectural, and design requirements Develop solutions to complex technical challenges while coding, testing, troubleshooting and documenting the systems you and your team develop Recommend architectural changes and new technologies and tools that improve the efficiency and quality of company systems and development processes Lead the efforts to optimize application performance and resilience though analysis, code refactoring, and systems tuning Qualifications: BS degree in Computer Science, similar technical field, or equivalent practical experience. Master's degree preferred 8-10 years of experience in building high performance, large scale data solutions Hands-on development experience with multiple programming languages such as Python and Java Experience with distributed message brokers like Flink, Spark, Kafka Streams, etc. Experience with Agile development processes for enterprise software solutions Experience with software testing methodologies and automated testing frameworks Experience with Big Data processing technologies and frameworks such as Presto, Hadoop, MapReduce, and Spark Hands-on experiences designing and implementing RESTful APIs Knowledge and understanding of DevOps tools and technologies such as Terraform, Git, Jenkins, Docker, Harness, Nexus/Artifactory, and CI/CD pipelines Knowledge of SQL, data warehousing design concepts, various data management systems (structured and semi structured) and integrating with various database technologies (Relational, NoSQL) Experience working with Cloud ecosystems (AWS, Azure, GCP) Experience with stream processing technologies and frameworks such as Kafka, Spark Streaming, Flink Experience with cloud technologies and migrations using public cloud vendor preferably using cloud foundational services like AWS's VPCs, Security groups, EC2, RDS, S3 ACLs, KMS, AWS CLI and IAM etc. Experience with high speed distributed computing frameworks such as AWS EMR, Hadoop, HDFS, S3, MapReduce, Apache Spark, Apache Hive, Kafka Streams, Apache Flink etc. Experience working with various types of databases like Relational, NoSQL, Object-based, Graph Working knowledge of DevOps tools. Eg Terraform, Ansible, Jenkins, Kubernetes, Helm and CI/CD pipeline etc. Familiarity with monitoring related tools and frameworks like Splunk, ElasticSearch, Prometheus, AppDynamics
30/06/2025
Full time
*Hybrid, 3 days onsite, 2 days remote* *We are unable to sponsor as this is a permanent Full time role* A prestigious company is looking for a Director, Java Software Engineering. This Director will lead a software development team working with Java, Python, Flink, Spark, Kafka, big data processing, DevOps tools, data warehousing/management, etc. Responsibilities: Manage, lead, build, and mentor software development team Serve as technical product owner flushing out detailed business, architectural, and design requirements Develop solutions to complex technical challenges while coding, testing, troubleshooting and documenting the systems you and your team develop Recommend architectural changes and new technologies and tools that improve the efficiency and quality of company systems and development processes Lead the efforts to optimize application performance and resilience though analysis, code refactoring, and systems tuning Qualifications: BS degree in Computer Science, similar technical field, or equivalent practical experience. Master's degree preferred 8-10 years of experience in building high performance, large scale data solutions Hands-on development experience with multiple programming languages such as Python and Java Experience with distributed message brokers like Flink, Spark, Kafka Streams, etc. Experience with Agile development processes for enterprise software solutions Experience with software testing methodologies and automated testing frameworks Experience with Big Data processing technologies and frameworks such as Presto, Hadoop, MapReduce, and Spark Hands-on experiences designing and implementing RESTful APIs Knowledge and understanding of DevOps tools and technologies such as Terraform, Git, Jenkins, Docker, Harness, Nexus/Artifactory, and CI/CD pipelines Knowledge of SQL, data warehousing design concepts, various data management systems (structured and semi structured) and integrating with various database technologies (Relational, NoSQL) Experience working with Cloud ecosystems (AWS, Azure, GCP) Experience with stream processing technologies and frameworks such as Kafka, Spark Streaming, Flink Experience with cloud technologies and migrations using public cloud vendor preferably using cloud foundational services like AWS's VPCs, Security groups, EC2, RDS, S3 ACLs, KMS, AWS CLI and IAM etc. Experience with high speed distributed computing frameworks such as AWS EMR, Hadoop, HDFS, S3, MapReduce, Apache Spark, Apache Hive, Kafka Streams, Apache Flink etc. Experience working with various types of databases like Relational, NoSQL, Object-based, Graph Working knowledge of DevOps tools. Eg Terraform, Ansible, Jenkins, Kubernetes, Helm and CI/CD pipeline etc. Familiarity with monitoring related tools and frameworks like Splunk, ElasticSearch, Prometheus, AppDynamics
NO SPONSORSHIP Security Engineering (Application Security) SALARY: $160k - $170k plus 15% bonus LOCATION: DALLAS, TX On Site 3 days a week Looking for an Application security, web applications, network applications engineer. You will also create custom scripts and perform automation while also performing security assessments on both Legacy on prem and cloud environments. Candidate would also Identify, document and communicate vulnerabilities. Application Security/Secure SDLC Build and optimize our security tooling stack, including SAST, DAST, SCA, and IaC. Implement DevSecOps principles and integrate tools into CI/CD pipelines and developer workflows. Automate security checks in CI/CD pipelines and developer tools to ensure continuous visibility and successful delivery. Build out process for threat modelling and secure design review process. Implement security for supply chain security, AI/ML application security, Open source etc. Qualifications: Experience with CI/CD pipelines and software development/coding: Docker, Jenkins, GitHub, SVN, Terraform, and others. Strong familiarity with enterprise technologies; strong technical background and understanding of security-related technologies; prefer operational experience as an administrator, engineer, or developer and direct experience testing in commercial cloud environments (AWS, Azure, GCP, IaaS/PaaS/SaaS). Good applicable knowledge of policy and procedure development, systems analysis, Information Assurance (IA) policy, vulnerability management, and risk management Good understanding of regulatory standards including CSF, NIST, PCI, SSAE 16, SAS 70, HIPPA, FIPS 199, COBIT 5 and others as needed. Strong knowledge of cryptography Technical Skills: Deep knowledge of common web, API and cloud vulnerabilities (eg OWASP Top 10, CWE, auth flaws etc.). Deep understanding of vulnerabilities, reachability, exploitability and how they affect applications. Familiarity with secure coding principles across multiple languages (eg python, Java, JavaScript etc.). Knowledge of how security fits into platform engineering and cloud native stacks. Deep understanding of application layer attacks and defense mechanisms (CCS, CSRF, SQLi, XXE, SSRF, broken access control etc.). Familiarity with API security (REST & GraphQL), Postman, OOWASP top 10). Proficiency with artifact repositories and implementing security controls around component ingestion. Knowledge of shift-left strategies and embedding controls early in the development life cycle. Familiarity with Kubernetes security, container scanning and cloud infrastructure as code. Ability to triage and prioritize vulnerabilities based on exploitability, impact and business context. Strong proficiency application security and vulnerability management. Strong experience with custom Scripting (python, C++, PowerShell, bash, etc.) and process automation. Some proficiency with common penetration testing tools (Kali, Armitage, Metasploit, Cobalt Strike, Nmap, Qualys, Nessus, Burp Suite, Wireshark etc.). Experience with Mainframes, Windows, Unix, MacOS, Cisco, platforms and controls. Experience with dedicated document management tools (eg, DMS, PolicyTech) a plus. Familiarity with application frameworks and their built-in security services and API's (ie, Sun J2EE, MS .NET, OMG CORBA, Spring, etc.). Knowledge of security architecture design and principles including confidentiality, integrity and availability. Knowledge of automated code scanning tools and development pipeline tools. Understanding of security concepts and practices, including those for authentication, authorization, access control and auditing as well as best practices (eg OWASP). Familiarity with application authentication and authorization systems (ie, CA SiteMinder, RSA SecurID/ACE, Active Directory, and LDAP). Fundamental understanding of network and data communications technologies Knowledge of (AWS, Azure, GCP) Cloud security concepts, best practices, and environments. Knowledge of Secure DevOps concepts.
25/06/2025
Full time
NO SPONSORSHIP Security Engineering (Application Security) SALARY: $160k - $170k plus 15% bonus LOCATION: DALLAS, TX On Site 3 days a week Looking for an Application security, web applications, network applications engineer. You will also create custom scripts and perform automation while also performing security assessments on both Legacy on prem and cloud environments. Candidate would also Identify, document and communicate vulnerabilities. Application Security/Secure SDLC Build and optimize our security tooling stack, including SAST, DAST, SCA, and IaC. Implement DevSecOps principles and integrate tools into CI/CD pipelines and developer workflows. Automate security checks in CI/CD pipelines and developer tools to ensure continuous visibility and successful delivery. Build out process for threat modelling and secure design review process. Implement security for supply chain security, AI/ML application security, Open source etc. Qualifications: Experience with CI/CD pipelines and software development/coding: Docker, Jenkins, GitHub, SVN, Terraform, and others. Strong familiarity with enterprise technologies; strong technical background and understanding of security-related technologies; prefer operational experience as an administrator, engineer, or developer and direct experience testing in commercial cloud environments (AWS, Azure, GCP, IaaS/PaaS/SaaS). Good applicable knowledge of policy and procedure development, systems analysis, Information Assurance (IA) policy, vulnerability management, and risk management Good understanding of regulatory standards including CSF, NIST, PCI, SSAE 16, SAS 70, HIPPA, FIPS 199, COBIT 5 and others as needed. Strong knowledge of cryptography Technical Skills: Deep knowledge of common web, API and cloud vulnerabilities (eg OWASP Top 10, CWE, auth flaws etc.). Deep understanding of vulnerabilities, reachability, exploitability and how they affect applications. Familiarity with secure coding principles across multiple languages (eg python, Java, JavaScript etc.). Knowledge of how security fits into platform engineering and cloud native stacks. Deep understanding of application layer attacks and defense mechanisms (CCS, CSRF, SQLi, XXE, SSRF, broken access control etc.). Familiarity with API security (REST & GraphQL), Postman, OOWASP top 10). Proficiency with artifact repositories and implementing security controls around component ingestion. Knowledge of shift-left strategies and embedding controls early in the development life cycle. Familiarity with Kubernetes security, container scanning and cloud infrastructure as code. Ability to triage and prioritize vulnerabilities based on exploitability, impact and business context. Strong proficiency application security and vulnerability management. Strong experience with custom Scripting (python, C++, PowerShell, bash, etc.) and process automation. Some proficiency with common penetration testing tools (Kali, Armitage, Metasploit, Cobalt Strike, Nmap, Qualys, Nessus, Burp Suite, Wireshark etc.). Experience with Mainframes, Windows, Unix, MacOS, Cisco, platforms and controls. Experience with dedicated document management tools (eg, DMS, PolicyTech) a plus. Familiarity with application frameworks and their built-in security services and API's (ie, Sun J2EE, MS .NET, OMG CORBA, Spring, etc.). Knowledge of security architecture design and principles including confidentiality, integrity and availability. Knowledge of automated code scanning tools and development pipeline tools. Understanding of security concepts and practices, including those for authentication, authorization, access control and auditing as well as best practices (eg OWASP). Familiarity with application authentication and authorization systems (ie, CA SiteMinder, RSA SecurID/ACE, Active Directory, and LDAP). Fundamental understanding of network and data communications technologies Knowledge of (AWS, Azure, GCP) Cloud security concepts, best practices, and environments. Knowledge of Secure DevOps concepts.
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Financial Institution is currently seeking a strong Application Security Engineer. Candidate will work closely with other members of the Security Services, IT Development Teams, and Development teams to support application and software security initiatives, projects, and operations. Responsibilities: Application Security/Secure SDLC Build and optimize our security tooling stack, including SAST, DAST, SCA, and IaC. Implement DevSecOps principles and integrate tools into CI/CD pipelines and developer workflows. Define and improve secure SDLC processes designing and implementing a developer friendly secure SDLC framework tailored to the delivery model. Automate security checks in CI/CD pipelines and developer tools to ensure continuous visibility and successful delivery. Build out process for threat modelling and secure design review process. Implement security for supply chain security, AI/ML application security, Open source etc. Review reports of the testing and conduct security risk assessments of the vulnerabilities. The use and maintenance of cloud and self-managed security scanning tools, manual source code reviews, and manual penetration assessments. Conduct IT/Security code review meetings to eliminate false positives and encourage collaboration between Security and IT development teams. Assist with application security vulnerability management including implementation of new vulnerability management tools. Debrief users and provide remediation strategy on findings. Ensure alignment of security controls in testing program and supporting services and related policies and procedures with applicable regulations and industry standard best practices. Perform ongoing reviews of application releases to ensure only secure and reviewed code is pushed to prod, with automation tasks as necessary. Develop scripts/automation to assist development teams with interpreting results from pipeline vulnerability verification reports to facilitate vulnerability remediation. Qualifications: Experience with CI/CD pipelines and software development/coding: Docker, Jenkins, GitHub, SVN, Terraform, and others. Exceptional analytical, problem solving and troubleshooting skills with the ability to exercise good judgment while developing creative solutions. Strong familiarity with enterprise technologies; strong technical background and understanding of security-related technologies; prefer operational experience as an administrator, engineer, or developer and direct experience testing in commercial cloud environments (AWS, Azure, Google Cloud Platform, IaaS/PaaS/SaaS). Good applicable knowledge of policy and procedure development, systems analysis, Information Assurance (IA) policy, vulnerability management, and risk management Good understanding of regulatory standards including CSF, NIST, PCI, SSAE 16, SAS 70, HIPPA, FIPS 199, COBIT 5 and others as needed. Strong knowledge of cryptography (symmetric, asymmetric, hashing) and its various applications. Strong knowledge of common enterprise infrastructure technology stacks and network configurations. Exhibit ability to understand and modify code in a diverse range of programming languages and frameworks; must have direct practical experience with one or more high level programming languages. Technical Skills: Deep knowledge of common web, API and cloud vulnerabilities (eg OWASP Top 10, CWE, auth flaws etc.). Deep understanding of vulnerabilities, reachability, exploitability and how they affect applications. Familiarity with secure coding principles across multiple languages (eg python, Java, JavaScript etc.). Knowledge of how security fits into platform engineering and cloud native stacks. Deep understanding of application layer attacks and defense mechanisms (CCS, CSRF, SQLi, XXE, SSRF, broken access control etc.). Familiarity with API security (REST & GraphQL), Postman, OOWASP top 10). Proficiency with artifact repositories and implementing security controls around component ingestion. Knowledge of shift-left strategies and embedding controls early in the development life cycle. Familiarity with Kubernetes security, container scanning and cloud infrastructure as code. Ability to triage and prioritize vulnerabilities based on exploitability, impact and business context. Strong proficiency application security and vulnerability management. Strong experience with custom Scripting (python, C++, PowerShell, bash, etc.) and process automation. Some proficiency with common penetration testing tools (Kali, Armitage, Metasploit, Cobalt Strike, Nmap, Qualys, Nessus, Burp Suite, Wireshark etc.). Experience with Mainframes, Windows, Unix, MacOS, Cisco, platforms and controls. Experience with dedicated document management tools (eg, DMS, PolicyTech) a plus. Familiarity with application frameworks and their built-in security services and API s (ie, Sun J2EE, MS .NET, OMG CORBA, Spring, etc.). Knowledge of security architecture design and principles including confidentiality, integrity and availability. Knowledge of automated code scanning tools and development pipeline tools. Understanding of security concepts and practices, including those for authentication, authorization, access control and auditing as well as best practices (eg OWASP). Familiarity with application authentication and authorization systems (ie, CA SiteMinder, RSA SecurID/ACE, Active Directory, and LDAP). Fundamental understanding of network and data communications technologies Knowledge of (AWS, Azure, Google Cloud Platform) Cloud security concepts, best practices, and environments. Knowledge of Secure DevOps concepts. Education and/or Experience: BS in Computer Science, Information Management, Information Security or other comparable technical degree from an accredited college/university desired. 5+ Years experience in Application Security or Information Security environment. Experience writing scripts and working with containers in a CI/CD pipeline. Exposure to security architecture design through application development or knowledge of security concepts/best practices. Certificates or Licenses: Security-related certifications (CISSP, CISA, CRISK, ISSAP, GSLC, OSCP, OSCE, GPEN, or GXPN, etc.) highly desired. Professional network and/or security certifications a plus (ie, GIAC, CISSP, CISA, CISM, CRISC) Cloud security automation certifications a plus (ie GCSA) Penetration testing certifications a plus (ie OSCP, GWAPT)
25/06/2025
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Financial Institution is currently seeking a strong Application Security Engineer. Candidate will work closely with other members of the Security Services, IT Development Teams, and Development teams to support application and software security initiatives, projects, and operations. Responsibilities: Application Security/Secure SDLC Build and optimize our security tooling stack, including SAST, DAST, SCA, and IaC. Implement DevSecOps principles and integrate tools into CI/CD pipelines and developer workflows. Define and improve secure SDLC processes designing and implementing a developer friendly secure SDLC framework tailored to the delivery model. Automate security checks in CI/CD pipelines and developer tools to ensure continuous visibility and successful delivery. Build out process for threat modelling and secure design review process. Implement security for supply chain security, AI/ML application security, Open source etc. Review reports of the testing and conduct security risk assessments of the vulnerabilities. The use and maintenance of cloud and self-managed security scanning tools, manual source code reviews, and manual penetration assessments. Conduct IT/Security code review meetings to eliminate false positives and encourage collaboration between Security and IT development teams. Assist with application security vulnerability management including implementation of new vulnerability management tools. Debrief users and provide remediation strategy on findings. Ensure alignment of security controls in testing program and supporting services and related policies and procedures with applicable regulations and industry standard best practices. Perform ongoing reviews of application releases to ensure only secure and reviewed code is pushed to prod, with automation tasks as necessary. Develop scripts/automation to assist development teams with interpreting results from pipeline vulnerability verification reports to facilitate vulnerability remediation. Qualifications: Experience with CI/CD pipelines and software development/coding: Docker, Jenkins, GitHub, SVN, Terraform, and others. Exceptional analytical, problem solving and troubleshooting skills with the ability to exercise good judgment while developing creative solutions. Strong familiarity with enterprise technologies; strong technical background and understanding of security-related technologies; prefer operational experience as an administrator, engineer, or developer and direct experience testing in commercial cloud environments (AWS, Azure, Google Cloud Platform, IaaS/PaaS/SaaS). Good applicable knowledge of policy and procedure development, systems analysis, Information Assurance (IA) policy, vulnerability management, and risk management Good understanding of regulatory standards including CSF, NIST, PCI, SSAE 16, SAS 70, HIPPA, FIPS 199, COBIT 5 and others as needed. Strong knowledge of cryptography (symmetric, asymmetric, hashing) and its various applications. Strong knowledge of common enterprise infrastructure technology stacks and network configurations. Exhibit ability to understand and modify code in a diverse range of programming languages and frameworks; must have direct practical experience with one or more high level programming languages. Technical Skills: Deep knowledge of common web, API and cloud vulnerabilities (eg OWASP Top 10, CWE, auth flaws etc.). Deep understanding of vulnerabilities, reachability, exploitability and how they affect applications. Familiarity with secure coding principles across multiple languages (eg python, Java, JavaScript etc.). Knowledge of how security fits into platform engineering and cloud native stacks. Deep understanding of application layer attacks and defense mechanisms (CCS, CSRF, SQLi, XXE, SSRF, broken access control etc.). Familiarity with API security (REST & GraphQL), Postman, OOWASP top 10). Proficiency with artifact repositories and implementing security controls around component ingestion. Knowledge of shift-left strategies and embedding controls early in the development life cycle. Familiarity with Kubernetes security, container scanning and cloud infrastructure as code. Ability to triage and prioritize vulnerabilities based on exploitability, impact and business context. Strong proficiency application security and vulnerability management. Strong experience with custom Scripting (python, C++, PowerShell, bash, etc.) and process automation. Some proficiency with common penetration testing tools (Kali, Armitage, Metasploit, Cobalt Strike, Nmap, Qualys, Nessus, Burp Suite, Wireshark etc.). Experience with Mainframes, Windows, Unix, MacOS, Cisco, platforms and controls. Experience with dedicated document management tools (eg, DMS, PolicyTech) a plus. Familiarity with application frameworks and their built-in security services and API s (ie, Sun J2EE, MS .NET, OMG CORBA, Spring, etc.). Knowledge of security architecture design and principles including confidentiality, integrity and availability. Knowledge of automated code scanning tools and development pipeline tools. Understanding of security concepts and practices, including those for authentication, authorization, access control and auditing as well as best practices (eg OWASP). Familiarity with application authentication and authorization systems (ie, CA SiteMinder, RSA SecurID/ACE, Active Directory, and LDAP). Fundamental understanding of network and data communications technologies Knowledge of (AWS, Azure, Google Cloud Platform) Cloud security concepts, best practices, and environments. Knowledge of Secure DevOps concepts. Education and/or Experience: BS in Computer Science, Information Management, Information Security or other comparable technical degree from an accredited college/university desired. 5+ Years experience in Application Security or Information Security environment. Experience writing scripts and working with containers in a CI/CD pipeline. Exposure to security architecture design through application development or knowledge of security concepts/best practices. Certificates or Licenses: Security-related certifications (CISSP, CISA, CRISK, ISSAP, GSLC, OSCP, OSCE, GPEN, or GXPN, etc.) highly desired. Professional network and/or security certifications a plus (ie, GIAC, CISSP, CISA, CISM, CRISC) Cloud security automation certifications a plus (ie GCSA) Penetration testing certifications a plus (ie OSCP, GWAPT)
