Vice President, Senior Application Security Engineer

About the Company

Internationally recognized banking group

Industry Financial Services

Type Subsidiary of a Public Company

Founded 1996

Employees 10,001+

Categories

Financial Services Consulting & Professional Services Banking & Mortgages Banking Finance

Specialties

advisory capital markets & investment banking corporate & institutional client banking derivatives equity research sales & trading fx / treasury services global trade finance lease finance leveraged finance mergers & acquisitions project finance and real estate finance

Business Classifications

B2B B2C Enterprise

About the Role

The Company is seeking a Senior Application Security Engineer with a Vice President level of experience. The successful candidate will be tasked with ensuring that all code scanning vulnerabilities align with organizational policies and will work closely with developers to address issues before code is released to production. This role requires a strong development background, the ability to communicate code deficiencies to stakeholders in various programming and scripting languages, and expertise in resolving complex problems within the framework of established security policies and guidelines. The Senior Application Security Engineer will also be responsible for interfacing with development and security architecture teams on application security topics, as well as with the vulnerability management team to ensure proper reporting and validation of identified vulnerabilities.

Applicants must have a minimum of 7 years' experience as an Application Security Analyst or in Application Penetration Testing, with a proven track record of expertise in programming languages such as C#, C++, Java, Python, and .Net. The role demands the ability to read and understand code deficiencies, write code fixes, and create automation scripts for internal cybersecurity projects. Experience in developing and maturing CI/CD pipelines for code quality and vulnerability detection, as well as a strong understanding of the Secure Software Development Lifecycle, is essential. The ideal candidate will have a deep knowledge of OWASP Top 10 or CWE, common software threats, and their mitigations, and be well-versed in SAST, DAST, and container security issues. A detail-oriented, process-driven individual with experience in Jira/Confluence, and a background in bug bounty or penetration testing, will be well-suited for this role.

Hiring Manager Title SMBC AD Head of Application Security

Travel Percent Less than 10%

Functions

Engineering Information Technology