Principal Application Security Engineer

BNY Mellon
in New York, NY
Permanent, Full time
BNY Mellon's Data and Analytics Solutions further extend Asset Servicing capabilities in securities and cash into the world's most important 'asset class,' data. As a software and content business, inclusive of Eagle Investment Systems' data management, accounting, and performance platform and Intermediary Analytics' sales and distribution data, the offering also includes a suite of new cloud-based products. An ecosystem of proprietary and third-party business applications is available to help firms manage their core investment process and beyond.
  • Team member of a full-scope AppSec service (assess, discover, triage, communicate risk, advise on remediation and/or, where necessary, implement hotfixes/workarounds), collaborating with product owners, developers, and technical operation teams within both the Product Development Lifecycle (PDLC) and the Software Development Lifecycle (SDLC).
  • Continuous improvement and service delivery of the application security program, aligning staff, tools, and processes to key security metrics and controls within the PDLC/SDLC enabling timely and secure Product feature releases.
  • Provide application security guidance and oversight across Product Management, Research & Development, and Operations teams to influence the design and implementation of upcoming products and services with a mindset of "Security by Default".
  • Responsible for overall Application Security assessments and posture through security testing on applications using dynamic and static analysis tools and penetration testing for both internal / external managed services.
  • Design and deploy state-of-the-art technology to meet the business needs and interface with business units regarding technical planning and application security topics.
  • Perform proof-of-concept and proof-of-technology testing for integrating new 3rd party security products into the development and deployment processes.
  • Perform validation of security controls to ensure adherence with compliance and industry best practices.
  • Perform hands-on security testing of products and services to proactively identify risks and track them to resolution.
  • Use a risk-based approach, advocate for and help prioritize remediation of security findings, and develop/report metrics measuring the state of the application security program.


Bachelor's degree in computer science or a related discipline, or equivalent work experience required; advanced degree preferred. 10-12 years of experience in information security or related technology experience required; experience in the securities or financial services industry is a plus.

Qualifications/Required Skills:
  • 3+ years previous experience in information security and application security domains
  • 3+ years experience working within software development supporting multiple languages (e.g., Java, Python, and Node) and an understanding of how to detect/remediate related security issues such as the OWASP Top 10
  • 2+ years experience with DevSecOps tooling (e.g., SonarQube, ZAP/Burp, GitHub, Jenkins, Artifactory/Xray, web application firewalls (WAFs))
  • 1+ years experience with Public Cloud (e.g., Azure, AWS, and GCP) technologies (e.g., Kubernetes, containers, databases as a service)
  • 1+ years experience with securing containers, host, databases, and application solutions for multi-tier and micro-service systems.
  • Strong knowledge of building security into continuous integration and delivery (CI/CD) pipelines.
  • Ability to understand business requirements and apply security without adversely affecting the desired functionality
  • Experience with securing containers, host, databases, and application solutions for multi-tier and micro-service systems.
  • Relevant security certifications a plus (such as: GWAPT, GPEN, GCIH)
  • High level of personal integrity, with the ability to professionally handle confidential matters, and reflect appropriate level of judgment as it pertains to security.

BNY Mellon is an Equal Employment Opportunity/Affirmative Action Employer.
Minorities/Females/Individuals With Disabilities/Protected Veterans.

Our ambition is to build the best global team - one that is representative and inclusive of the diverse talent, clients and communities we work with and serve - and to empower our team to do their best work. We support wellbeing and a balanced life, and offer a range of family-friendly, inclusive employment policies and employee forums.

Primary Location: United States-Massachusetts-Wellesley
Internal Jobcode: 96131
Job: Information Technology
Organization: Architecture And Data-HR16450
Requisition Number: 2103778