Application Security Engineer

Company: Financial Industry Regulatory Authority, Inc.
Location: Rockville
Posted on: June 7, 2021

Job Description:

The Senior Application Security Engineer is responsible for promoting, designing, and evaluating application security in all phases of the application life cycle. The ASE shall ensure that appropriate and effective security techniques and solutions are identified, implemented, and used. May lead a small team of Engineers.

Essential Job Functions:

  • Software Security Assessment: Evaluate applications for appropriate and effective use of security controls using tools and techniques such as source code analysis, vulnerability scanners, and manual testing techniques.
  • Application Security Control Development: Provide expert guidance to developers on the appropriate selection and implementation of relevant application security controls.
  • Security Awareness Training: Design, develop and deliver presentations focused on raising awareness for crucial security relevant considerations and defensive programming techniques.
  • Support the planning and execution of the application security testing and evaluation program, with the possibility of mentoring junior team members.
  • Advise and consult internal clients on appropriate application of security practices and existing security services to solve problems or enable new business opportunities.
  • Serve as subject matter expert on application and information security technologies and methodologies.

Other Responsibilities:

  • Perform other duties and responsibilities as assigned.

Education/Experience Requirements:

  • B.S. or M.S. in Computer Science, or equivalent education or experience. Emphasis in software security a plus.
  • At least three (3) years of professional experience with an M.S. degree, or at least five (5) years of experience with a B.S. degree, to include:
      ◦ Two (2) or more years in software engineering and development with emphasis on the delivery of secure, Internet-exposed, multi-tier, web-based systems using Java/J2EE and/or C#/ASP/.NET (experience with both a plus).
      ◦ At least one (1) year of hands-on experience evaluating the security of applications using both manual and automated techniques. Relevant tool experience should include code security scanners such as Fortify SCA or Checkmarx; web vulnerability scanners such as HP WebInspect or IBM Rational AppScan; and assessment support tools such as BurpSuite, Metasploit, or Core Impact.

  • Experience mentoring and leading small teams and demonstrated responsibility for managing security assessments for a portfolio of applications is desirable.
  • Strong written and verbal communication skills. Specific relevant experience may include technical reports (especially application security assessment reports), technical whitepapers, presentation development and delivery (for both technical and business audiences), technical training, etc. Candidate should have experience making and defending sound technical arguments that incorporate relevant technical and business considerations, and building consensus among stakeholders.

Required Skills:

  • Application Security (AppSec) domain knowledge/experience, including ALL of the following:
      ◦ Manual source code review
      ◦ Experience analyzing DAST/SAST scan results (not just running the tools); ideally with AppScan or Netsparker, and Checkmarx
      ◦ Application penetration testing; ideally with BurpSuite

  • Solid Java knowledge, and ideally at least historical development skills; e.g. a good understanding of Core Java and ideally relevant frameworks (e.g. Spring, Hibernate).
  • Strong understanding of both Web Application and Web Service architectures, as well as associated protocols
  • Networking fundamentals (ideally security-centric)
  • Demonstrated history of making Security their career path through roles held and credentials obtained

Highly Desired Skills:

  • Python Knowledge + Development Skills
  • Capture the Flag (CTF) / red team exercise experiences.
  • Web Application Firewall (WAF) knowledge/experience
  • AWS Development Skills (e.g. ideally not just AWS Console access, but API level exposures) OR solid AWS Security knowledge.
  • Relevant credentials, such as a Master's in Cybersecurity, OSCP, or CEH
  • Any of the following additional credentials:
      ◦ Microsoft 365 Security Administration
      ◦ Microsoft Azure Security Technologies
      ◦ Certified Cloud Security Professional (CCSP)
      ◦ AWS Certified Solutions Architect
      ◦ AWS Certified Security Specialty (Associate or Professional)

To be considered for this position, please submit an application.

The information provided above has been designed to indicate the general nature and level of work of the position. It is not a comprehensive inventory of all duties, responsibilities and qualifications required.

Please note: If the "Apply Now" button on a job board posting does not take you directly to the FINRA Careers site, enter into your browser to reach our site directly.

FINRA strives to make our career site accessible to all users. If you need a disability-related accommodation for completing the application process, please contact FINRA's accommodation help line at 240.386.4865. Please note that this number is exclusively for inquiries regarding application accommodations.

In addition to a competitive salary, comprehensive health and welfare benefits, and incentive compensation, FINRA offers immediate participation and vesting in a 401(k) plan with company match. You will also be eligible for participation in an additional FINRA-funded retirement contribution, our tuition reimbursement program and many other benefits. If you would like to contribute to our important mission and work collegially in a professional organization that values intelligence, integrity and initiative, consider a career with FINRA.

Important Information

FINRA's Code of Conduct imposes restrictions on employees' investments and requires financial disclosures that are uniquely related to our role as a securities regulator. FINRA employees are required to disclose to FINRA all brokerage accounts that they maintain, and those in which they control trading or have a financial interest (including any trust account of which they are a trustee or beneficiary and all accounts of a spouse, domestic partner or minor child who lives with the employee), and to authorize their broker-dealers to provide FINRA with duplicate statements for all of those accounts. All of those accounts are subject to the Code's investment and securities account restrictions, and new employees must comply with those investment restrictions, including disposing of any security issued by a company on FINRA's Prohibited Company List or obtaining a written waiver from their Executive Vice President, by the date they begin employment with FINRA. Employees may only maintain securities accounts that must be disclosed to FINRA at one or more securities firms that provide an electronic feed (e-feed) of data to FINRA, and must move securities accounts from other securities firms to a firm that provides an e-feed within three months of beginning employment.

You can read more about these restrictions here.

As standard practice, employees must also execute FINRA's Employee Confidentiality and Invention Assignment Agreement without qualification or modification and comply with the company's policy on nepotism.

Search Firm Representatives

Please be advised that FINRA is not seeking assistance or accepting unsolicited resumes from search firms for this employment opportunity. Regardless of past practice, a valid written agreement and task order must be in place before any resumes are submitted to FINRA. All resumes submitted by search firms to any employee at FINRA without a valid written agreement and task order in place will be deemed the sole property of FINRA and no fee will be paid in the event that person is hired by FINRA.

FINRA is an Equal Opportunity and Affirmative Action Employer

All qualified applicants will receive consideration for employment without regard to age, citizenship status, color, disability, marital status, national origin, race, religion, sex, sexual orientation, gender identity, veteran status or any other classification protected by federal, state or local laws as appropriate, or upon the protected status of the person's relatives, friends or associates.

FINRA abides by the requirements of 41 CFR 60-741.5(a). This regulation prohibits discrimination against qualified individuals on the basis of disability, and requires affirmative action by covered prime contractors and subcontractors to employ and advance in employment qualified individuals with disabilities.

FINRA abides by the requirements of 41 CFR 60-300.5(a). This regulation prohibits discrimination against qualified protected veterans, and requires affirmative action by covered prime contractors and subcontractors to employ and advance in employment qualified protected veterans.

© 2020 FINRA. All rights reserved. FINRA is a registered trademark of the Financial Industry Regulatory Authority, Inc.
