Application Security Engineer
About the Team:
Our small Application Security team is the bridge between Eze's Information Security and R&D organizations. We work closely with our software engineers and product managers to ensure that the software solutions Eze creates adhere to the highest information security standards possible.
You will play an essential part in strengthening the security element of the DevSecOps practices at Eze by bringing together personal research and testing, SAST and DAST findings, and bug bounty program reports, and by helping the engineering and IT teams turn vulnerabilities into actionable opportunities to improve the security posture of our products and systems. You will report to the Director of Application and Cloud Security and work in close association with the product engineering teams to help maintain and enforce application security best practices throughout the SDLC and DevOps.
Day to Day:
- Research threats and attack vectors that may impact Eze's web, enterprise and mobile applications and infrastructure. Stay up-to-date with current offensive and defensive tactics, techniques and procedures.
- Assist engineering teams with the configuration, tuning and operation of SAST and DAST tools, and their integration into the development process.
- Help to validate and interpret SAST, DAST, bug bounty program and penetration test findings, demonstrate identified vulnerabilities, assess risks, evaluate possible fixes, and verify successful remediation.
- Assist in creating and delivering training for engineering team members on secure code development, and other security literacy topics.
- Help to develop and collect metrics to measure the success of the application security program.
- Assist with the incident response procedures.
- Excellent communication skills and ability to work across multiple teams.
- 3 years of hands-on experience in information security.
- Experience with SAST and DAST tools, such as Checkmarx, Fortify, Veracode, WhiteHat Security, AppScan.
- Experience with performing manual application vulnerability assessments.
It would be great if you also had:
- Bachelor's Degree in a related field.
- Prior experience participating in bug bounty programs.
- Experience working within a DevOps/DevSecOps model.
- Industry certifications: OSCP, CEH, relevant (ISC)2 and SANS certifications.
Work with great people.
Complexity/Challenging problems to address daily in an innovative way.
Who We Are:
We are a trusted and proven partner to the investment community. We complement our award-winning investment workflow technology with expert global customer service. We pride ourselves on fully understanding each client's unique needs and advising them on best practices and processes to maximize their operational and investment alpha. Our team is made up of more than 1,000 global employees in 11 locations worldwide. We are headquartered in Boston, with offices in Chicago, Hong Kong, Hyderabad, London, New York, Rio De Janeiro, San Francisco, Singapore, Stamford, and Sydney.
Our Culture:
We are a highly dedicated team of innovators and experts who love to collaborate on the cutting edge. We service our clients' unique and growing needs with highly configurable, expansive, and integrated products for the entire investment process and community and we are never satisfied until our customers are delighted. We celebrate this passion and commitment by fostering a culture that promotes innovation, growth, communication and achievement from the bottom up. We nurture the entrepreneurial spirit and welcome productive debate. We encourage open communications and upward feedback, we learn quickly from our mistakes, challenge the status quo - all while remaining accountable to our colleagues and clients. We also understand work is a big part of life, so having fun and celebrating hard work is core within our culture. SS&C Eze is an equal opportunity employer.