Application Security Engineer

About The Position

Requirements

• Experience developing software in technologies such as Java, .Net, Python, and Node.js etc.
• Experience in cloud technologies such as Azure and AWS.
• Extensive experience in application security space including SAST, DAST, SCA and Container security scanning.
• Current information security certification, including Certified Information Systems Security Professional (CISSP).
• Experience with automation and orchestration tools, such as Ansible, Terraform, or Kubernetes, is valuable. Knowledge of Infrastructure as Code (IaC) principles and experience in automating deployment and management tasks in a hybrid cloud environment is beneficial.
• Proven technical solutioning experience with current and emerging technologies including, but not limited to: Agile Development, DevOps, Cloud Engineering, System Hardening, DevSecOps, Cybersecurity, Cloud Security.
• Excellent verbal and written communication skills across internal and external organizations.
• Ability to prioritize and manage several projects or priorities simultaneously.
• Bachelor’s degree in information technology (IT), computer science, or related field with 6 years of relevant experience.
• Experience in software development and software development lifecycle (SDLC).
• Experience with application security tooling and its operations with modern CI/CD, and DevSecOps best practices.
• Experience partnering with Dev community to influence without authority to adopt application security best practices, and tooling.
• Security+ or other cybersecurity security certification.
• Experience with Agile and scrum practices.

Responsibilities

• Help build our DevSecOps & AppSec Strategy to integrate cybersecurity into the organizational adoption and improvement of agile practices.
• Partner with Engineering teams to implement and operationalize DevSecOps, and AppSec principles and processes.
• Assist application teams with onboarding to the adopted security tools/technologies; working with vendors to troubleshoot the platform and issues related to such integrations.
• Assist development community to triage Static Application Security Testing (SAST) vulnerabilities, and partner to remediate the application security vulnerabilities.
• Deliver and communicate reporting via dashboard, and metrics.
• Develop and maintain application security and DevSecOps documentation.
• Assist in the audit processes and provide relevant documentation to close Audit findings.
• Work with teams to continuously improve DevSecOps, & Application Security processes and tools.
• Deliver tasks based on project objectives; technically support projects through to completion.

Benefits

• Employees are eligible to participate in State Street’s comprehensive benefits program, which includes: our retirement savings plan (401K) with company match; insurance coverage including basic life, medical, dental, vision, long-term disability, and other optional additional coverages; paid-time off including vacation, sick leave, short term disability, and family care responsibilities; access to our Employee Assistance Program; incentive compensation including eligibility for annual performance-based awards (excluding certain sales roles subject to sales incentive plans); and, eligibility for certain tax advantaged savings plans.
• For a full overview, visit https://hrportal.ehr.com/statestreet/Home.