Principal Application Security Engineer
BNY Mellon's Data and Analytics Solutions further extend Asset Servicing capabilities in securities and cash into the world's most important 'asset class,' data. As a software and content business, inclusive of Eagle Investment Systems' data management, accounting, and performance platform and Intermediary Analytics' sales and distribution data, the offering also includes a suite of new cloud-based products. An ecosystem of proprietary and third-party business applications is available to help firms manage their core investment process and beyond.
- Team member of a full-scope AppSec service (assess, discover, triage, communicate risk, advise on remediation and/or, where necessary, implement hotfixes/workarounds), collaborating with product owners, developers, and technical operations teams within both the Product Development Lifecycle (PDLC) and the Software Development Lifecycle (SDLC).
- Continuous improvement and service delivery of the application security program, aligning staff, tools, and processes to key security metrics and controls within the PDLC/SDLC enabling timely and secure Product feature releases.
- Provide application security guidance and oversight across Product Management, Research & Development, and Operations teams to influence the design and implementation of upcoming products and services with a mindset of "Security by Default".
- Responsible for overall Application Security assessments and posture through security testing on applications using dynamic and static analysis tools and penetration testing for both internal / external managed services.
- Design and deploy state-of-the-art technology to meet the business needs and interface with business units regarding technical planning and application security topics.
- Perform proof-of-concept and proof-of-technology testing for integrating new 3rd party security products into the development and deployment processes.
- Perform validation of security controls to ensure adherence with compliance and industry best practices.
- Perform hands-on security testing of products and services to proactively Client risk and track them to resolution
- Use a risk-based approach, advocate for and help prioritize remediation of security findings and develop/report metrics measuring the state of application security program
Bachelor's degree in computer science or a related discipline, or equivalent work experience required; advanced degree preferred. 10-12 years of experience in information security or related technology experience required; experience in the securities or financial services industry is a plus.
Qualifications/Required Skills:
BNY Mellon is an Equal Employment Opportunity/Affirmative Action Employer.
- 3+ years previous experience in information security and application security domains
- 3+ years experience working within software development supporting multiple languages (e.g., Java, Python, and Node) and an understanding of how to detect/remediate related security issues such as the OWASP Top 10
- 2+ years experience with DevSecOps tooling (e.g., SonarQube, ZAP/Burp, GitHub, Jenkins, Artifactory/Xray, web application firewalls (WAFs))
- 1+ years experience with Public Cloud (e.g., Azure, AWS, and GCP) technologies (e.g., Kubernetes, containers, databases as a service)
- 1+ years experience with securing containers, host, databases, and application solutions for multi-tier and micro-service systems.
- Have a strong knowledge of building security into the continuous integration and delivery (CI/CD) pipeline.
- Ability to understand business requirements and apply security without adversely affecting the desired functionality
- Experience with securing containers, host, databases, and application solutions for multi-tier and micro-service systems.
- Relevant security certifications a plus (such as: GWAPT, GPEN, GCIH)
- High level of personal integrity, with the ability to professionally handle confidential matters, and reflect appropriate level of judgment as it pertains to security.
Minorities/Females/Individuals With Disabilities/Protected Veterans. Our ambition is to build the best global team - one that is representative and inclusive of the diverse talent, clients and communities we work with and serve - and to empower our team to do their best work. We support wellbeing and a balanced life, and offer a range of family-friendly, inclusive employment policies and employee forums.
Primary Location: United States-Massachusetts-Wellesley
Internal Jobcode:
Information Technology
Organization: Architecture And Data-HR16450
Requisition Number: