Application Security Engineer
Miami, FL, United States
City National Bank of Florida
Florida's iconic community bank with a global reach, trusted and admired by our clients for our people-centric culture.
Overview
The Application Security Engineer plays a critical role in ensuring the security and integrity of the Bank's applications and systems. This role is responsible for validating that applications and systems are designed and implemented according to the Bank's Policies, Standards, and Guidelines. This role also assesses the security of the underlying components of the application or system such as middle-tier systems and databases. Additionally, this role implements and governs repeatable secure development practices to reduce secure coding errors, design flaws, and other vulnerabilities. As issues are uncovered, the application security engineer communicates with the appropriate technical and business teams to ensure proper risk identification, mitigation, and/or acceptance.
Principal Duties & Responsibilities:
The primary duty of the Application Security Engineer involves performing work directly related to the general business operations of the bank.
The Application Security Engineer regularly exercises discretion and independent judgment in matters of significance, such as:
- Lead the automation, development, and execution of DevSecOps best practices, integrating security throughout the software development lifecycle (SDLC).
- Support the application vulnerability management lifecycle by implementing and managing static and dynamic application security testing tools.
- Validate that applications and systems are designed and implemented in accordance with the Bank’s security standards by conducting security assessments and audits.
- Analyze the security of applications and their underlying services, including dependencies such as middle-tier systems and databases, to identify vulnerabilities and weaknesses.
- Implement repeatable secure development practices to minimize the introduction of design flaws and vulnerabilities into applications.
- Collaborate with cross-functional teams to prioritize and mitigate security risks, ensuring business continuity without neglecting security.
- Provide guidance and recommendations to development teams on security best practices.
- Stay informed about the latest security threats and recommend security enhancements.
- Perform other duties as assigned.
Qualifications
- 2-4 years of experience implementing security controls in software development processes.
- 2-4 years of experience in application security engineering, with a focus on DevSecOps practices.
- Proficiency in software development languages such as Java, Python, C++, etc., to understand application architecture and identify security vulnerabilities.
- Familiarity with dynamic and static analysis tools for code review and vulnerability assessment.
- Expertise in DevOps practices and methodologies, with the ability to integrate security seamlessly into CI/CD pipelines.
- Knowledge of cloud platforms, particularly Microsoft Azure, and their security features and configurations.
- Strong analytical and problem-solving skills to identify and remediate security vulnerabilities effectively.
- Excellent communication and collaboration skills to work effectively with cross-functional teams and third-party vendors.
Relevant Certifications:
- Certified Ethical Hacker (CEH), preferred.
- GIAC Web Application Penetration Tester (GWAPT), preferred.
- Offensive Security Certified Professional (OSCP), preferred.
Education
- Bachelor's Degree in Computer Science, Cybersecurity, Information Technology, or related field preferred.
Special Instructions to Candidates
- Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities.
- Please view Equal Employment Opportunity Posters provided by OFCCP here.
- The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)
- Reasonable accommodation may be made to assist individuals with disabilities to complete the online application process. Please contact our Human Resources Department at 305-577-7680 or by e-mail at employment@citynational.com.
Tags: Application security Audits Automation Azure C CEH CI/CD Cloud Computer Science DAST DevOps DevSecOps GIAC GWAPT Java Offensive security OSCP Python SDLC Security assessment Vulnerabilities Vulnerability management