Senior Application Security

Application SecuritySalary: $120k-$130k + BonusLocation: Chicago, IL/Dallas, TX***We are unable to provide sponsorship for this role******Bonus Eligible***A prestigious financial company is seeking to fill a Application Security position that will work closely with other members of the Security Services, IT Development Teams and Quality Assurance teams to support application and software security initiatives, projects, and operations.QualificationsBachelors'' degree in Cybersecurity, Computer Science, Management Information Systems, or related field or the equivalent combination of education and/or relevant experienceExperience writing scripts and working with containers in a CI/CD pipelineAt least 3+ year experience in Security-related roles or equivalent training/knowledge of security best practices and OWASP and NVDExperience with CI/CD pipelines and software development/coding: Docker, Jenkins, GitHub, SVN, Terraform, and others.Knowledge of scripting languages including Java, C++, Python, JavaScript, BashFamiliarity with application frameworks and their built-in security services and API''s (i.e., Sun J2EE, MS .NET, OMG CORBA, Spring, etc.)Knowledge of security architecture design and principles including confidentiality, integrity, and availability.Knowledge of automated code scanning tools (i.e.,) and development pipeline tools (i.e.,)Understanding of security concepts and practices, including those for authentication, authorization, access control and auditing as well as best practices (e.g., OWASP).Familiarity with application authentication and authorization systems (i.e., CA SiteMinder, RSA SecurID/ACE, Active Directory, and LDAP)General knowledge of cryptography (symmetric and asymmetric encryption, digital signatures, message digests, certificates, PKI, SSL/TLS, etc.)Fundamental understanding of network and data communications technologies Knowledge of (AWS, Azure, Google Cloud Platform) Cloud security concepts, best practices, and environmentsKnowledge of Secure DevOps conceptsResponsibilitiesSuggest security controls and practices to be integrated in the SDLC phases and participation in Security Engineering SDLC activities and toll gatesCreate clear and concise reports of security analysis for SDLC artifacts and security reviews during change management processCollaborate and brainstorm with the Security Engineering team on new application and application infrastructure technology componentsExecute self-testing of Security controls and processesCoordinate execution of continuous testing roadmap exercisesProvide input into training on security best practices for application developers, architects and testers and coordinate the execution of training plansParticipate in the change management process, assist with evaluating the security impact of changes, and suggest controls and make conclusions to approve or reject the change requestsAssist in the development of metrics documentation to track the burndown rate of vulnerability remediationAssist in the development of security engineering documentation:Explore opportunities for updates to Security Engineering policies and standardsAssist with the development and periodic review of Security controls, policies, and procedures in close coordination with Security managersParticipate in the improvement of security engineering processesHelp gather evidence of security testing processes for auditsWork with development team and Q/A to create development lifecycle documentation, provides integrated systems planning which will enhance current systems and support corporate, business and system goals.Identify automation opportunities and help with department automation effortsAssist with application penetration testingAssist with retesting vulnerabilities to verify the development teams have remediatedReview reports of the testing and conduct security risk assessment of the vulnerabilitiesConduct code scans using automated tools and risk rate the vulnerabilities according to the organization risk profile and mitigating controls.Conduct IT/Security code review meetings to eliminate false positives and encourage collaboration between Security and IT development teamsAssist with application security vulnerability management including implementation of new vulnerability management tools - provided by Dice

Created: 2025-11-15