Application Security Engineer
Waltham, MA, United States
Applications have closed
Commonwealth Financial Network
The largest privately held RIA-independent broker/dealer ranking highest in advisor satisfaction. We are the RIA-B/D that puts you first.
Overview
If you’re looking for a high-energy, inclusive atmosphere and a company that understands the importance of work/life balance, Commonwealth is your match! From generous bonus and 401(k) programs to tuition reimbursement and flexible work schedules, Commonwealth is focused on helping its employees thrive in an environment suited to their needs. On top of all that, the Information Security department offers a hybrid work schedule, so you’ll be able to work from home for part of the week!
We’re looking for an application security engineer to join our ranks. As a Commonwealth application security engineer, you will be a key member of the Information Security Engineering team. You will use your strong understanding of applications, servers, security solutions, and design and development processes to enable and deliver resilient and secure applications. You will work collaboratively with the Information Security, development, QA, and database teams to ensure that solutions and services are designed and adopted effectively.
Key Responsibilities
- Reviewing, designing, and integrating security in the software development lifecycle process
- Collaborating with development and operations teams to integrate security into the entire application development lifecycle through DevSecOps practices
- Developing and improving the organization's security policies and standards
- Performing manual and automated analysis on applications using open source and custom tools and scripts
- Analyzing processes and toolsets used by the developers and database teams to ensure the security of the environment
- Partnering with the application and QA teams to ensure risk is identified and remediated
- Developing custom dashboards and reporting on the state of security in the application environment
- Proactively testing applications using static and dynamic application security testing (SAST and DAST)
- Liaising with the application development team to identify application components and recommend safe use of those components using software composition analysis (SCA) solutions
- Performing regular security assessments, vulnerability scanning, and penetration testing; working with the TVM team to understand application security vulnerabilities and owning their remediation
- Creating secure coding recommendations and developing best practices and guidelines for the development teams
- Assisting with creating security training for the Application, Development, and QA teams
Core Strengths and Skills
- Strong knowledge and understanding of application development frameworks and processes
- Hands-on experience with vulnerability assessment and penetration testing tools
- Strong scripting skills with PowerShell and Python for automation and integration
- Strong experience with Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) tools and methodologies
- Experience with web application security penetration testing
- Experience with programming and scripting languages such as .NET, Python, JavaScript, and Node.js
- Comfortable with DevSecOps enablers such as Terraform (policies), Docker, Kubernetes, and secret stores such as HashiCorp Vault and Azure Key Vault
- Experienced with Azure DevOps (ADO) pipeline scripting
- Experience with OWASP manual and automated security scanning
- Familiarity with common security libraries, controls, and common security flaws and patches
- Ability to stay positive and adapt quickly to changing business models, project requirements, and technologies
- Strong communication, consultative, influencing, and presentation skills
Additional Desirable Skills and Knowledge
- Bachelor’s degree in information systems or a related discipline, or equivalent training
- 5+ years of related work experience in an application security role
- Technical expertise in Azure Cloud and DevOps
- Understanding of best practices, control frameworks, and applicable existing and new legal/regulatory requirements (SEC Regulation S-P, FINRA cybersecurity recommendations, data privacy and breach notification laws, ISO 27001, NIST CSF and SP 800-53, CIS, CSA CCM, PCI DSS, and others)
- Security-related certifications such as OSCP, GCIH, CEH, GCIA, GPEN, GPPA
Have we piqued your curiosity? Can you see yourself thriving in this opportunity?
Picture Yourself Here
At Commonwealth, we believe in a better world. We hold ourselves and each other to higher standards. We take care of one another. That’s why we invest in you—we encourage employee growth both in your career and education; we are building out a robust diversity, equity, and inclusion program; we offer incredible healthcare benefits; and we find plenty of occasions to celebrate. What’s not to love?
We are always striving to be better, and we are looking for employees who share that same mindset. Better people, better coworkers, better leaders, better creators. Bring your best work and your full self to the table, and we will do the same. Together, we can build a better future for our advisors, their clients, our company, and you.
About Commonwealth
Commonwealth Financial Network, Member FINRA/SIPC, a Registered Investment Adviser, provides a suite of business solutions that empowers more than 2,000 independent financial advisors nationwide. Privately held since 1979, the firm has headquarters in Waltham, Massachusetts, and San Diego, California.
Turning our advisors into raving fans starts by doing the same for our employees. We foster an environment of excellence, growth, rewards, and fun in equal measure, which has earned us 44 Best Place to Work awards.
The Fine Print
We care about your online safety as a prospective employee and encourage you to exercise caution when responding to job postings online. Commonwealth will never ask potential hiring candidates to pay or transfer funds as a precondition of interviews or employment, nor will we authorize recruiters or agents to do so on our behalf.
Commonwealth is an equal opportunity employer, making intentional efforts to source talent from all backgrounds.
Tags: Application security Automation Azure CEH Cloud DAST DevOps DevSecOps Docker GCIA GCIH GPEN ISO 27001 JavaScript Kubernetes NIST NIST 800-53 Node.js Open Source OSCP OWASP PCI DSS Pentesting PowerShell Privacy Python SAST Scripting SDLC Security assessment Terraform Vulnerabilities
Perks/benefits: 401(k) matching Career development Flex hours Salary bonus Startup environment