What are the responsibilities and job description for the Application Security Engineer position at ProSight Financial Association?
Chicago, IL
Reports To: Director, Product Development & Operations
BAI and RMA have come together as ProSight Financial Association, a leading industry organization whose purpose is to empower financial services leaders to strengthen and advance our industry. The strategic combination brings together RMA’s expertise in serving the commercial banking and risk management functions and BAI’s knowledge in serving the retail banking and regulatory compliance functions. It’s a complementary union of two non-profit organizations that have always had their members’ and customers’ best interests in mind. Our industry-leading offerings include peer sharing events, thought leadership, learning and development, and decision support solutions. Our work creates positive ripple effects throughout financial services organizations and ultimately helps consumers, businesses and communities thrive.
We are seeking an Application Security Engineer who will collaborate with software engineers to establish and enforce secure coding practices, contribute to defining security best practices, and foster a culture that promotes security as a core tenet, from initial design through production deployment.
What You’ll Do:
To learn more about our company please visit www.prosightfa.org, www.bai.org, and www.rmahq.org
Reports To: Director, Product Development & Operations
BAI and RMA have come together as ProSight Financial Association, a leading industry organization whose purpose is to empower financial services leaders to strengthen and advance our industry. The strategic combination brings together RMA’s expertise in serving the commercial banking and risk management functions and BAI’s knowledge in serving the retail banking and regulatory compliance functions. It’s a complementary union of two non-profit organizations that have always had their members’ and customers’ best interests in mind. Our industry-leading offerings include peer sharing events, thought leadership, learning and development, and decision support solutions. Our work creates positive ripple effects throughout financial services organizations and ultimately helps consumers, businesses and communities thrive.
We are seeking an Application Security Engineer who will collaborate with software engineers to establish and enforce secure coding practices, contribute to defining security best practices, and foster a culture that promotes security as a core tenet, from initial design through production deployment.
What You’ll Do:
- Collaborate with developers and operations teams to anticipate security vulnerabilities, proactively assess and identify potential risks, develop mitigation strategies, and ensure that security measures are incorporated throughout the entire application development process
- Lead application security reviews and threat modeling efforts, including code reviews, dynamic testing, penetration testing, hacker simulations, and reviewing applications against OWASP Top 10
- Integrate security tools and processes into the DevOps pipeline to automate security checks and scans to identify and fix vulnerabilities early in the development process
- Establish and maintain secure coding standards and best practices and provide guidance and training to development teams
- Collaborate with development, DevOps, and IT teams to ensure that security measures are implemented in production environments
- Help manage security incident response and recovery processes, including impact assessment, remediation, root cause analysis, and preventative measures
- Define, develop, and present key application security metrics, identify critical issues proactively, and communicate them effectively to stakeholders.
- Ensure compliance with relevant security regulations and standards, especially those relevant to banking and finance
- Stay current with the latest security threats, trends, and countermeasures to ensure that the organization's applications are always protected
- Bachelor’s degree in computer science or a related field
- 5 years of experience executing application security testing methodologies (e.g., SAST, SCA, DAST, etc.)
- Strong understanding of OWASP Top 10, NIST guidelines, common security vulnerabilities, and best practices
- Experience with intrusion detection systems and vulnerability scanners
- Experience integrating security tools and processes into the DevOps pipeline
- Experience developing software using .NET, C#, T-SQL, stored procedures, React, etc.
- Experience with Azure, including Entra External ID, cloud-native microservices, Kubernetes, and Docker
- Experience with HTML, JavaScript and CSS
- Experience with DevOps practices and networking a plus
- Relevant certifications such as CISSP, CSSLP, OSCP, CEH, or Azure Security Engineer Associate a plus
- Experience using AI tools to accelerate or improve software development processes and the risks of using generative AI or machine learning a plus
- Ability to communicate effectively with both technical and non-technical stakeholders
- Experience with agile software development methodologies a plus
- Experience with e-learning/online learning, policy management, and/or governance risk and compliance a plus
- Familiarity with financial services/banking industry a plus
- Ability to work in the Chicago office periodically is required
To learn more about our company please visit www.prosightfa.org, www.bai.org, and www.rmahq.org
Salary : $110,000 - $140,000