Title: Sr. Application Security Engineer
What we need:
The Senior Application Security Engineer will participate in establishing and maintaining a corporate-wide information security management program to ensure that information assets are adequately protected. An up-to-date understanding of the latest security threats, trends, and application security technologies is critical. Experience with security solution implementations and management in an enterprise environment is important.
What you will do:
Under the direction of Information Security Management, develop strategies and plans to achieve security requirements and address identified risks.
Develop and maintain enterprise principles, policies and standards for application security including secure coding, testing, threat modeling, and architecture.
Create and maintain application testing and scanning procedures and processes in alignment with industry best practices and regulatory requirements.
Work with software development teams to assure security compliance with standards and best practices.
Work with development teams on development processes (e.g., Secure SDLC, Agile, DevOps, etc.) to ensure cohesive integration of security practices.
Implement appropriate application scanning and security testing solutions and train development team members on usage.
Run and interpret the results of application security scans and tests (e.g., SAST, DAST, IAST, or RASP).
Work with development teams to interpret test results and utilize standard coding remediation.
Gather, analyze and assess the current and future threat landscape, and assist in providing leadership with a realistic overview of risks and threats in the enterprise environment.
Work with business units and with other risk functions to identify security requirements, using methods that may include risk and business impact assessments.
Supervise application vulnerability exception process and facilitate updates among stakeholders.
Work and coordinate with management and department heads across the enterprise.
Responsible for formulating application security metrics.
What you need to have:
An undergraduate degree is required, preferably related to security, technology, engineering, or other relevant area.
One or more professional certifications preferred (e.g., CISSP, CISM, CISA, CRISC, CEH, G-PEN, OSCP, G-SEC, etc.) but not required.
7-10 years of application security experience with a passion for Information Security.
Experience working with SAST, DAST, IAST, or RASP technologies.
Experience assessing and addressing security risks in a digital, web-facing, customer-facing environment.
Experience conducting system and application technology security testing, including static and dynamic code review, vulnerability scanning and penetration testing.
Application development background is a plus.
Experience with OWASP Top-10 web application vulnerabilities and CWE/CVA.
Experience with securing Microservices environments.
Experience with SIEM, SSO, MFA, and IAM security solutions.
Experience with .NET, Java, HTML, and scripting languages.
In-depth knowledge of risk assessment methods and technologies.
Proficient use of various tools and techniques, including risk, business impact, control and vulnerability assessments, used to identify business needs and determine control requirements.
Ability to interact with personnel at all levels and across all business units/organizations, and to understand business imperatives.
Understanding of common operating systems, network devices, databases, web applications, and
Detail-oriented and organized to accomplish detailed tasks.
Communicate best practices in application security and vulnerability management across the enterprise and help create security advisories associated with new and emerging threats and risks.
Able to write effective communications and documentation in a compliance-regulated environment.
Excellent planning, organizational, analytical and interpersonal skills.
Basic knowledge of cloud federation platforms.
Experience in the financial industry a plus.
What we give you in return:
Our competitive Health program offers a comprehensive benefits package that supports healthy lifestyles, preventative care and helps to protect against hardship. Our retirement plan offers our employees the opportunity to plan ahead for a strong financial future well beyond their working years.
About Cetera Financial Group:
Cetera Financial Group ("Cetera") is a leading network of independent retail broker-dealers empowering the delivery of objective financial advice to individuals, families and company retirement plans across the country through trusted financial advisors and financial institutions. Cetera is the second-largest independent financial advisor network in the nation by number of advisors, as well as a leading provider of retail services to the investment programs of banks and credit unions.
Through its multiple distinct firms, Cetera offers independent and institutions-based advisors the benefits of a large, established broker-dealer and registered investment adviser, while serving advisors and institutions in a way that is customized to their needs and aspirations. Advisor support resources offered through Cetera include award-winning wealth management and advisory platforms, comprehensive broker-dealer and registered investment adviser services, practice management support and innovative technology.
*"Cetera Financial Group" refers to the network of retail independent broker-dealers encompassing, among others, Cetera Advisors, Cetera Advisor Networks, Cetera Financial Institutions, Cetera Financial Specialists, First Allied Securities, Girard Securities, The Legend Group and Summit Brokerage Services.
Cetera Financial Group is committed to providing an equal employment opportunity for all applicants and employees. For us, this is the only acceptable way to do business. Accordingly, all employment decisions at the Cetera Financial Group, including those relating to hiring, promotion, transfers, benefits, compensation, and placement, will be made without regard to race, color, ancestry, national origin, citizenship, age, physical and/or mental disability, medical condition, pregnancy, genetic characteristics, religion, religious dress and/or grooming, gender, gender identity, gender expression, sexual orientation, marital status, U.S. military status, political affiliation, or any other class protected by state and/or federal law.
Agencies please note: this recruitment assignment is being managed directly by Cetera's Talent Acquisition team. We will reach out to our preferred agency partners in the rare instance we require additional talent options. Your respect for this process is appreciated.