Application Security Engineer (Perm - Hybrid or Remote)

Posted 11 Days Ago
Hiring Remotely in United States
Remote
Mid level
Fintech • Financial Services
We’re boldly disrupting banking norms to do good for our members, employees and communities.
The Role
The Application Security Engineer will validate applications for security issues, conduct vulnerability testing, collaborate with developers for security assessments, and ensure compliance with security standards while addressing security flaws and enhancing secure development practices.
Summary Generated by Built In

The Application Security Engineer will be responsible for validating application services that are designed and implemented with high security standards. Analyze the security (Red - Offense) of applications in tandem with their underlying services, including connected dependencies such as middle-tier systems and databases. Address legacy and emerging security issues, and implements repeatable secure development practices to reduce the introduction of program design flaws that may lead to exploitation. Communicate with technical and leadership teams to ensure a focus on risk mitigation to allow for business continuity. Assess applications for weaknesses and find resolutions before they can be abused and the security of applications for business-to-business initiatives, third-party relationships, outsourced solutions and vendors. Recommend programmatic controls, and monitor and manage secure development practices to address modern day issues.
Responsibilities

  • Perform vulnerability and penetration testing (Red - Offense), document security findings and focus on automation to aid inefficiencies with both testing and remediation of findings.
  • Collaborate with developers to provide repetitive validation testing prior to production while allowing for a continuous cycle of development followed by application security assessments.
  • Monitor the security community for public-facing security issues, as well as learn new tactics that can be used in testing.
  • Collaborate in application projects and change management committees. Understand what is coming and how their projects can be more secure from the start.
  • Follow a security review process to ensure an automated and repeatable process is managed. This can be through the use of dynamic and static code analysis resources.
  • Use security standards, implementation configurations and common security frameworks to prepare for and manage bug bounty programs. Document delivery and implementation advances that meet defined service-level agreements (SLAs) and business metrics. Align with architects and development teams for a mission of secure design.
  • Train developers and junior application security engineers on secure coding practices. Participate and lead security team meetings that facilitate secure design.
  • Engage in information security projects that evaluate existing security infrastructure and propose changes as defined by security leadership and architects.
  • Focus on application security that observes compliance such as Health Information Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), Payment Card Industry (PCI), Sarbanes-Oxley Act (SOX), etc. - and privacy laws.
  • Handle service and escalation tickets within SLA expectations.
  • Develop security test plans from the architectural design. Identify deficiencies and make enhancements to ensure production is not impacted.
  • Drive security efficiencies, enabling security team members to work on more advanced tasks.
  • Conduct performance testing to stress the limitations of security solutions while ensuring business innovation and day-to-day processes are not negatively impacted.


Education:

  • Bachelors Degree - Computer Science or related - Minimum
  • Graduate Degree - Computer Science or related - Preferred


Years of Experience:

  • 3 Years - Cybersecurity, application programming, compliance, risk management, network security engineering, threat modeling applications or related - Minimum


In Lieu of Education:

  • 6 years - Cybersecurity, application programming, compliance, risk management, network security engineering, threat modeling applications or related


License/Certifications/Training:

  • Preferred: Security certifications GWAPT, CISSP, OSCP, or other similar


You will benefit from:
• Competitive medical, dental, and free vision benefits• Paid parental leave• Competitive compensation plan• Gym memberships discounts • Generous PTO and banking holidays off • Tuition reimbursement • 401k with immediate employer match and vesting
Adhere to and ensure compliance of all business transactions with policy and process of the Bank Secrecy Act. Ensures compliance with all applicable state and federal laws, company procedures and policies. Maintains integrity and ethics in all actions and conversations with or regarding credit union members and their accounts; complies with Privacy Act directives.
The responsibilities listed do not contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this position. Duties, responsibilities and activities may change at any time with or without notice.

What the Team is Saying

Maria Donoulis
Shaz Shahzad
Emily Cheshire
Kim DelMedico
Sarah Hussain
Andrea Navarro
Jai Cadney
Priscilla Tolemy
The Company
HQ: Chicago, IL
880 Employees
Hybrid Workplace
Year Founded: 1935

What We Do

Alliant is unlike any other financial institution — a digital credit union that wows our members. We’re boldly disrupting banking norms to do good for our members, employees and communities.

With over 85 years of history and more than $19 billion in assets, Alliant Credit Union is the largest credit union in Illinois and one of the largest in the U.S.

Our industry-leading financial products, seamless digital experiences and exceptional customer service make banking simpler for our 800,000+ members.

Fully digital, fully human and full of possibility, we work to provide our members with experiences that redefine the financial industry, challenge the status quo and unleash brilliance.

Why Work With Us

Our employees enjoy a hybrid schedule, allowing for flexible remote work and purpose-driven, outcome-focused onsite opportunities. Driven by Alliant's guiding principles and values, employees across all teams build together to provide our members with industry-leading financial products, seamless digital experiences & exceptional customer service.

Gallery

Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery

Alliant Credit Union Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

Alliant offers a purpose-driven, outcome-focused hybrid workplace model.

Typical time on-site: Flexible
HQChicago, IL
We are located near O'Hare. We have plenty of parking space available.

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account