Application Security Engineer

If you're looking for a high-energy, inclusive atmosphere and a company that understands the importance of work/life balance, Commonwealth is your match! From generous bonus and 401(k) programs to tuition reimbursement and flexible work schedules, Commonwealth is focused on helping its employees thrive in an environment suited to their needs. On top of all that, the Information Security department offers a hybrid work schedule, so you'll be able to work from home for part of the week!

We're looking for an Application Security Engineer to join our ranks. As a Commonwealth Application Security Engineer, you will be a key member of the Information Security Engineering team. You will use your strong understanding of applications, servers, security solutions, and design and development processes to enable and deliver resilient and secure applications. You will work collaboratively with the Information Security, development, QA, and database teams to ensure that solutions and services are designed and adopted effectively.

Key Responsibilities 

• Reviewing, designing, and integrating security in the software development lifecycle process
• Collaborating with development and operations teams to integrate security into the entire application development lifecycle through DevSecOps practices
• Developing and improving the organization's security policies and standards
• Performing manual and automated analysis on applications using open source and custom tools and scripts
• Analyzing processes and toolsets used by the developers and database teams to ensure the security of the environment
• Partnering with the application and QA teams to ensure risk is identified and remediated.
• Developing custom dashboards and reporting on the state of security in the application environment
• Proactively testing applications using static and dynamic application testing (SAST and DAST)
• Liaising with application development team to identify application components and recommend safe use of components using SCI solutions
• Performing regular security assessments, vulnerability scanning, and penetration testing; work with TVM team to understand Application Security vulnerabilities and own remediation.
• Creating secure coding recommendations and develop best practices and guidelines for the development teams
• Assisting with creating security training for the Application, Development, and QA teams

Core Strengths and Skills

• Strong knowledge and understanding of application development frameworks and processes
• Hands-on experience with vulnerability assessment and penetration testing tools
• Strong scripting skills with Powershell and Python for automation and integration
• Strong experience with Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) tools and methodologies
• Experience with web Application Security penetration testing
• Experience with programming languages and scripting such as .NET, Python, JavaScript, Node.JS
• Comfortable with DevSecOps enablers such as Terraform (policies), Docker, Kubernetes, and secret stores such as Hashicorp Vault and Azure Key Vault
• Experienced with Azure DevOps (ADO) pipeline scripting
• Experience with OWASP manual and automated security scanning
• Familiarity with common security libraries, controls, and common security flaws and patches
• Ability to stay positive and adapt quickly to changing business models, project requirements, and technologies
• Strong communication, consultative, influencing, and presentation skills

Additional Desirable Skills and Knowledge 

• Bachelor's degree in information systems or a related discipline, or equivalent training
• 5+ years of related work experience in Application Security role
• Technical expertise inAzure Cloud and DevOps
• Understanding the best practices, control frameworks, and applicable existing and new legal/regulatory requirements (SEC S-P Rule, FINRA cybersecurity recommendations, data privacy, and breach notification laws, ISO 27001, NIST CSF and SP 800-53, CIS, CSA CCM, PCI DSS, and others) 
• Security-related certifications such as OSCP, GCIH, CEH, GCIA, GPEN, GPPA

Have we piqued your curiosity? Can you see yourself thriving in this opportunity? 

Picture Yourself Here  

At Commonwealth, we believe in a better world. We hold ourselves and each other to higher standards. We take care of one another. That's why we invest in you-we encourage employee growth both in your career and education; we are building out a robust diversity, equity, and inclusion program; we offer incredible healthcare benefits; and we find plenty of occasions to celebrate. What's not to love? 

We are always striving to be better, and we are looking for employees who share that same mindset. Better people, better coworkers, better leaders, better creators. Bring your best work and your full self to the table, and we will do the same. Together, we can build a better future for our advisors, their clients, our company, and you. 

About Commonwealth  

Commonwealth Financial Network, Member FINRA/SIPC, a Registered Investment Adviser, provides a suite of business solutions that empowers more than 2,000 independent financial advisors nationwide. Privately held since 1979, the firm has headquarters in Waltham, Massachusetts, and San Diego, California.  

Turning our advisors into raving fans starts by doing the same for our employees. We foster an environment of excellence, growth, rewards, and fun in equal measure, which has earned us 44 Best Place to Work awards.  

The Fine Print  

We care about your online safety as a prospective employee and encourage you to exercise caution when responding to job postings online. Commonwealth will never ask potential hiring candidates to pay or transfer funds as a precondition of interviews or employment, nor will we authorize recruiters or agents to do so on our behalf.  

Commonwealth is an equal opportunity employer, making intentional efforts to source talent from all backgrounds.