Lead Applications Security Engineer
Chicago, IL or NY
Must be authorized to work in the US for any employer without sponsorship
No third party resumes
Major trading firm is seeking a highly skilled and experienced Lead Security Engineer to secure applications that run and support the commodities exchange. Will be integrating assessments as well as static and dynamic scans into the software development lifecycle. Must be hands on technical security applications engineer with a development background.
- Manual review of source code (Java, C#, C++) for security vulnerabilities.
- Assessments of HTTP and proprietary protocols.
- Development of bespoke assessment tools.
- Development of in-house tools to integrate with SDLC and to track and derive security metrics.
- Implementation of static and dynamic automated security testing tools and their deployment within continuous integration systems.
- Strong ethical hacking, penetration testing and source code experience
- Must be a lead in current role.
- 7-10 yrs. experience performing application security assessments both with and without source code.
- Strong development background
- Full stack knowledge of web and network applications.
- Familiarity with Tibco and other messages queues a plus .
- Continuous integration, static analysis (Fortify, Coverity, and or Veracode), and scanning tools (webinspect, Appscan, NTObjectives)