Security Testing Specialist - SAST

PNC Bank•Denver, CO

13h•Onsite

About The Position

At PNC, our people are our greatest differentiator and competitive advantage in the markets we serve. We are all united in delivering the best experience for our customers. We work together each day to foster an inclusive workplace culture where all of our employees feel respected, valued and have an opportunity to contribute to the company’s success. As a Software Security Specialist Sr within PNC's Technology organization, you will be based in Pittsburgh, PA; Cleveland, OH; Denver, CO; Birmingham, AL; or Phoenix, AZ. This role involves reviewing findings from Static Application Security Testing (SAST) scanning solutions to identify true positive vulnerabilities, manually reviewing code using expert knowledge to identify vulnerabilities that may be missed by automated scanners, and aiding in onboarding new and existing in-scope mnemonics to the program to receive continuous scan results. The goal is to shift left and identify vulnerabilities earlier in the development process. Additionally, the role includes evaluating new SAST solutions to enhance the program as the market shifts and new techniques/technologies become available.

Requirements

JAVA, .NET, Python
Application Development and Application Security experience
Perform tool assisted application security testing (SAST)
Manually reviewing code for vulnerabilities
Triage and report vulnerabilities discovered
Assist developers with vulnerability remediation
Assist teams with onboarding to our SAST platform and orchestrating scans with our CI/CD platform
University / college degree, with 5+ years of industry-relevant experience.
In lieu of a degree, a comparable combination of education, job specific certification(s), and experience (including military service) may be considered.

Nice To Haves

Access Control (AC)
Application Security
Application Security Code Review
Application Security Testing
Building Architecture
Customer Solutions
Disaster Recovery Planning
Information Security
Network Security
Physical Security
Risk Assessments
Security Technologies
Static Application Security Testing (SAST)

Responsibilities

Review findings from Static Application Security Testing (SAST) scanning solutions to identify true positive vulnerabilities.
Manually review code using expert knowledge to identify vulnerabilities in code which may be missed or is not possible to be detected by automated SAST scanners.
Aid in onboarding new and existing in-scope mnemonics to the program to receive continuous scan results as developers push new builds.
Evaluate new SAST solutions to further enhance our program as the market shifts and new techniques/technologies are made available.
Carries out security testing of applications, infrastructure, and/or platforms to discover security vulnerabilities.
Performs manual & automated security testing.
Performs manual testing to validate vulnerabilities.
Reviews the testing results with stakeholders and creates a report to review results with stakeholders.
Assists in the design and implementation of security solutions and continuously enhances information security approaches and methodologies at manager discretion.

Benefits

medical/prescription drug coverage (with a Health Savings Account feature)
dental and vision options
employee and spouse/child life insurance
short and long-term disability protection
401(k) with PNC match
pension and stock purchase plans
dependent care reimbursement account
back-up child/elder care
adoption, surrogacy, and doula reimbursement
educational assistance, including select programs fully paid
a robust wellness program with financial incentives
maternity and/or parental leave
up to 11 paid holidays each year
9 occasional absence days each year, unless otherwise required by law
between 15 to 25 vacation days each year, depending on career level; and years of service.