Senior Associate, IT, Application Security Engineer
Dublin, Cyprus
MUFG Investor Services
MUFG Investor Services is an industry leader in fund administration, asset servicing, banking and fund financing.
Company Description
MUFG Investor Services is a leading asset servicing provider for the global investment management industry. From 16 locations around the world, MUFG Investor Services, through its suite of solutions, helps clients mitigate risk, execute seamlessly, and increase efficiencies in their pre and post-trade operations. With over $770 billion in assets under administration, MUFG Investor Services is one of the top fund administrators globally. Its nearly 500 clients represent hedge funds, asset managers, private equity, real assets, fund of funds, and more, and benefit from a broad range of additional solutions including fund financing, foreign exchange, custody, trustee services, depository, middle-office outsourcing, securities lending, and other banking services.
MUFG Investor Services is a division of Mitsubishi UFJ Financial Group, Inc. (MUFG), one of the largest banks in the world with $3.3 trillion in assets. To learn more, please visit us at www.mufginvestorservices.com
Job Description
At MUFG Investor Services, technology and data are at the heart of our service proposition to our clients and their investors. Our business is entrusted with their information every day and we take their security seriously.
We are looking for a Senior Application Security Engineer to be an integral part of our information security organisation, and to work with our product and development teams, and third parties, to ensure that secure application design and testing techniques are appropriately applied at all stages of the development lifecycle.
Reporting to the Head of Security Architecture and Engineering, You Will:
- Review and refresh our application security assessment activities to strengthen our capability in this critical area, ensuring consistent application security involvement across all operational platforms, development and change initiatives
- Foster collaborative working relationships with the wider Technology Architecture, Product and Development teams, all of whom are critical partners and key to ensuring an effective Security by Design approach is adopted – embedding security in all change initiatives at an appropriate time and level
- Perform threat modelling and security-focused code reviews
- Promote the awareness and adoption of dynamic application security testing, working alongside development leads and the Head of Security Architecture and Engineering to establish a roll-out plan
- Support the introduction and on-going management of a single developer security platform, consolidating and learning from existing MUFG Investor Services activity and experience to date. Identify and implement supporting tools to automate processes and testing activities
- Assist teams in reproducing, triaging, and addressing application security vulnerabilities
- Work alongside and oversee the input of third-party security services providers, to manage broader security assessments of infrastructure and applications
- Implement application security controls across our business
- Design technical solutions to address identified security weaknesses
- Support the production of security coding standards, as part of wider non-functional requirements definition
- Participate in operational and incident escalations and investigations, as required
- Contribute to risk management initiatives by identifying and overseeing risks across application security areas
Qualifications
You Have:
Essential:
- Extensive application security engineering experience, with a specific focus on web application security
- Development / scripting / platforms skills and experience, including Python, JavaScript, .NET, GitLab, Docker and Jenkins
- A good understanding of network and web related protocols
- Experience in identifying security issues through code review
- Familiarity and ability to explain common security flaws and ways to address them
- Familiarity with common security libraries and tools, such as developer security platforms, static analysis tools and penetration testing tools
Preferred:
- In-depth working knowledge of standards and material provided by organisations such as the Web Application Security Consortium (WASC), the OWASP Foundation, and the WebAppSec Working Group
- Certifications such as Certified Web Application Security Tester (C-WAST), Certified Ethical Hacker (CEH), Certified Application Security Engineer (CASE) and Offensive Security Web Expert (OSWE)
- Familiarity with governance, compliance and assurance standards such as the ISO 27000 series, and SOC1 and SOC2 attestations
- Understanding of information security risk with the ability to recommend pragmatic business-focused decisions
Additional Information
At MUFG Investor Services, we are exceptionally proud of our approach to Hybrid Working. It enables the flexibility to thrive from wherever our employees work and stay connected to their team and our culture. When we make Hybrid Working plans, we get to know the individual and pride ourselves in underpinning all our decisions with fairness and consistency.
MUFG Investor Services provides all of its employees with an extremely attractive compensation package. In addition to base salary, there is a group medical insurance scheme, group pension scheme, reimbursement of professional subscriptions, paid holidays and assistance towards gym memberships.
We thank all candidates for applying; however, only those proceeding to the interview stage will be contacted. If you are contacted for a job opportunity, please advise us of any accommodations needed to ensure fair and equitable access throughout the recruitment and selection process. All accommodation information provided will be treated as confidential and used only to provide an accessible candidate experience.
MUFG is an equal opportunity employer.