Job Description

Date Active

Apr 1, 2022 12:00:00 AM

Requisition #

22-1378

Hours Per Week

40

Location

Remote - Nationwide

City

Remote

State

Job Description/ Requirements

Since 1935, Webster Bank has been helping individuals, families and businesses meet their financial goals. As a leading regional bank, Webster's strong foundation is built on our core values of responsibility, respect, teamwork, trust and commitment to our communities. Webster bankers remain our most valuable asset, and we pride ourselves on our diverse, equitable and inclusive work environment. Come join our team!

 

The Application Security Engineer role bridges the gap between the Application Teams and CIS team and ensuring that our applications are properly designed and delivered securely to protect our customers and data.
 
An AppSec Engineer is responsible for working with development teams to confirm compliance to CIS standards and policies. She/he will help delivery applications security standards and solutions and help support development and engineering teams to "Shift Left" and evolve to a more DevSecOps and mature our SSDLC (Secure SDLC).
 
 
MAJOR DUTIES & RESPONSIBILITES
 
* Participate in and support application design/security reviews, threat modeling, including code review and security testing (include APIs)
* Own and perform application security vulnerability management
* Support and consult with development and engineering teams in the areas of application security
* Educates development team on security procedure and standards, and ensures they are followed
* Participate in agile activities (daily standups, backlog review, iteration planning etc)
* Contribute to team's backlog by creating stories/defects
* Research and help develop security solutions to help secure applications (Security Testing, API Security, Data Protection, Identity Protection)
* Experience in API Security Platforms like SALT, and NoName a plus
* Partnering with CIS to help deliver and standardize security solutions such as (WAF, API Security etc)
* Knowledge of application threat modeling, Remediation of OWASP Top 10, SANS Top 25 a plus
* Create Security guidance/documentation for development/engineering teams
* Help deliver application security training/outreach to development/engineering teams

EDUCATION, EXPERIENCE & SKILLS

Indicate the education level, previous experience, specific knowledge, skills and abilities required to meet the minimum entry-level requirements for this position. This may include special skills, licenses, certificates, etc.
* Bachelor's Degree in Computer Science, Engineering, or a directly related field preferred.
* 3-5 years of professional IT experience.
* Experience with OWASP, SAST, DAST, SCA, RASP and common security tools
* 3-5 years experience in threat modeling and secure code review
* 2-3 years development and scripting experience
* 2-3 years experience with API Security
* 2-3 Cloud Experience (AWS)
* Experience with WAF, or similar application security infrastructure a plus
* Gitlab Experience a plus
* Experience in integrating security in CI/CD, DevOps a plus
* Knowledge of Security concepts, like IAM, Encryption, Network Security, Cloud Security
* Able to communicate effectively with non-technical staff and with members of interdisciplinary teams.
* Flexible and adaptable in regards to learning and understanding new technologies.
* Strong understanding of bank systems and processes preferred.
* Strong written, oral, and interpersonal communication skills.
* Highly self motivated and directed.
* Keen attention to detail.
* Proven analytical and problem-solving abilities.
* Ability to effectively prioritize and execute tasks in a high-pressure environment.
#LI-FO1#ZR

Application Instructions

Please click on the link below to apply for this position. A new window will open and direct you to apply at our corporate careers page. We look forward to hearing from you!

Apply Online