Application Security Engineer

About Eleven Recruiting
We are a specialized technology staffing agency supporting Aerospace, Professional, and Financial Services companies. We listen and act as advisors for our candidates on how they can best add value, find interesting projects, and pave a path for career advancement. We advocate for best pay, diversity, and best job-fit for every candidate we place.

Our client is seeking an Application Security Engineer in the Investment Firm industry!

This position is critical for enhancing our Application Security program, focusing on securing development processes, application inventory management, developing and maintaining high standards of security architecture and controls, and conducting security control validation.

RESPONSIBILITIES:

• Effectively communicate and interact with colleagues across the Cyber Security team, as well as the broader Global Technology and Application teams.
• Create and manage a detailed inventory of all applications, documenting their security standards, compliance status and vulnerability status. Assist the Vulnerability Management team with assessing and prioritizing Application Security risks.
• Design and define secure application architectures and standards, implement cloud & Application Security posture management best-practices to protect against threats.
• Work in concert with architecture, development and product teams to architect security solutions for business-critical applications.
• Conduct application architecture reviews of existing applications and assist/review new and incoming applications being onboarded into the environment.
• Collaborate with development teams to integrate security best practices into the software development lifecycle, design and implement security controls for continuous integration and continuous deployment (CI/CD) pipelines, enhance CI/CD pipeline hygiene, integrating security practices to ensure clean and secure code deployment.
• Identify and onboard SaaS/tools to facilitate a secure SDLC process, security monitoring, management, observability and alerting on risky code or other activities.
• Develop and enforce Application Security standards and guidelines to promote best practices in secure development.
• Engage in code reviews and security assessments, providing insights on security controls within GitHub repositories and other development environments.
• Collaborate with internal teams to assess security posture and controls, utilizing tools like Burp Suite to identify and address vulnerabilities.
• Stay current with the latest security trends and threats, applying this knowledge to improve overall security posture.
• Document runbooks, best practices, standards and team initiatives using repeatable patterns.

QUALIFICATIONS:

• At least 7 years of hands-on professional experience in an Application Security focused or similar development/DevSecOps role. Experience with Azure (preferred) and/or AWS is a plus.
• Bachelor's Degree in Computer Science, Information Technology/Security or a related field.
• Experience in working with software development teams, providing security oversight in complex application ecosystems.
• Proven expertise in CI/CD pipeline management, SaaS security tools and application inventory management.
• Strong background in application architecture, security controls, cloud and penetration testing.
• Experience with GitHub and familiarity with version control systems.
• Excellent collaboration, critical thinking skills and the ability to work in a dynamic environment.
• Familiarity with industry security standards and frameworks such as OWASP, NIST, ISO 27001 or MITRE Telecommunication&CK.
• Familiarity with the regulatory environment of the financial services industry or a similarly regulated industry and its impact on Application Security is a plus.
• Commitment to staying informed on security trends and threats, using this knowledge to enhance security measures.
• U.S. Citizen, operate in the Eastern Time Zone and able to report to the NYC metro area office(s).
• Professional Certifications such as CISSP, CSSLP, CASE, GWEB, CSSLP, MCSA/MCSE are a plus.

#LI-EG1
#LI-Hybrid
Seniority Level: Mid-Senior Level
Salary: $150,000-$200,000
Job Function: Information Technology
Industry: Investment Management
Employment Type: Full Time
Location: New York, NY