We are looking for a VP of Application Security Engineering to join a growing Fin-Tech organization within a large Tier 1 Investment Bank. This professional will be responsible for helping lead, mentor, and manage a team of growing engineers and architects to ensure security is being implemented correctly across the organization.
Key responsibilities include:
- Develop POC and Threat models
- Establish best practices with regards to secure application design and facilitate implementation across the development teams.
- Conduct design and code reviews with a specific focus on application security.
- Provide ongoing security assessments and vulnerability reviews of software currently in operation.
- Perform application penetration testing for sensitive internet facing applications.
- Work closely with Development, Operations, and Info Sec teams to monitor and remediate security incidents.
- Collaborate closely with the development team to integrate and automate security processes into CI/CD pipeline
- Assess and calculate application risk; create and present metrics and summaries.
- Experience with Application Security tools and technologies (Static code analysis, Dynamic scanning, WAF, SSL/TLS, Apache HTTPD, OAUTH2 /Open ID and JWT)
- Experience with scripting languages like Python, Bash, and Java Script.
- Knowledge of CI/CD practices.
- Knowledge of Web application architecture and API development practices.
- Experience working with cloud platforms such as AWS, Google Cloud etc. from both a developer and security perspective a plus.
Education and Experience:
- Minimum of a Bachelor's degree or equivalent in Computer Science or Engineering.
- Six or more years of security/software engineering experience with security focus or as an Application Security Engineer.
- Information security certifications such as CISSP, CCSP etc. a plus.