Application Security Engineer

company banner
SS & C Technologies Inc
Application, Security, Engineer, IT, Director, SDLC, Research, Development, JavaScript, Python
Full Time

Job Description

Application Security Engineer

About the Team:

Our small Application Security team is the bridge between Eze's Information Security and R&D organizations. We are working closely with our software engineers and product managers, to ensure that the software solutions Eze creates adhere to the highest information security standards possible.

Overview:

You will take an essential part in strengthening the security element of the DevSecOps practices at Eze by bringing together personal research and testing, SAST and DAST findings, and bug bounty program reports, and helping the engineering and IT teams turn vulnerabilities into actionable opportunities to improve the security posture of our products and systems. You will report to the Director of Application and Cloud Security, and work in close association with the product engineering teams to help to maintain and enforce application security best practices throughout the SDLC and DevOps.

Day to Day:

  • Research threats and attack vectors that may impact Eze's web, enterprise and mobile applications and infrastructure. Stay up-to-date with current offensive and defensive tactics, techniques and procedures.
  • Assist engineering teams with the configuration, tuning and operation of SAST and DAST tools, and their integration into the development process.
  • Help to validate and interpret SAST, DAST, bug bounty program and penetration test findings, demonstrate identified vulnerabilities, assess risks, evaluate possible fixes, and verify successful remediation.
  • Assist in creating and delivering training for engineering team members on secure code development, and other security literacy topics.
  • Help to develop and collect metrics to measure the success of the application security program.
  • Assist with the incident response procedures.


Minimum Qualifications:

  • Excellent communication skills and ability to work across multiple teams.
  • 3 years of hands-on experience in information security.
  • Experience with SAST and DAST tools, such as Checkmarx, Fortify, Veracode, WhiteHat Security, AppScan.
  • Experience with performing manual application vulnerability assessments.


It would be great if you also had:

  • Bachelor's Degree in a related field.
  • Prior bug bounty programs participation experience.
  • Development experience (JavaScript, C++, C#, Python, Go).
  • Experience working within DevOps/DevSecOps model.
  • Industry certifications: OSCP, CEH, relevant (ISC)2 and SANS certifications.


#WhyEZE:

Work with great people.

Complexity/Challenging problems to address daily in an innovative way.

Who We Are:

We are a trusted and proven partner to the investment community. We complement our award winning investment workflow technology with expert global customer service. We pride ourselves on fully understanding each client's unique needs and advising them on best practices and processes to maximize their operational and investment alpha. Our team is made up of more than 1,000 global employees in 11 locations worldwide. We are headquartered in Boston, with offices in Chicago, Hong Kong, Hyderabad, London, New York, Rio De Janeiro, San Francisco, Singapore, Stamford, and Sydney.

Our Culture:

We are a highly dedicated team of innovators and experts who love to collaborate on the cutting edge. We service our clients' unique and growing needs with highly configurable, expansive, and integrated products for the entire investment process and community and we are never satisfied until our customers are delighted. We celebrate this passion and commitment by fostering a culture that promotes innovation, growth, communication and achievement from the bottom up. We nurture the entrepreneurial spirit and welcome productive debate. We encourage open communications and upward feedback, we learn quickly from our mistakes, challenge the status quo - all while remaining accountable to our colleagues and clients. We also understand work is a big part of life, so having fun and celebrating hard work is core within our culture.

SS&C Eze is an equal opportunity employer.


Company Information

S&C Technologies Holdings (NASDAQ: SSNC) is the world’s largest hedge fund and private equity administrator, as well as the largest mutual fund transfer agency. SS&C’s unique business model combines end-to-end expertise across financial services operations with software and solutions to service even the most demanding customers in the financial services and healthcare industries. SS&C owns and operates the full technology stack across securities accounting, front-to-back-office operations, performance and risk analytics, regulatory reporting, and healthcare information processes. SS&C’s trusted and proven technology delivers an unparalleled level of scalable capabilities for the most complex portfolios, the most sophisticated strategies, and the highest volumes of transactions. Through a series of carefully selected acquisitions and organic growth, the breadth and depth of SS&C’s expertise in financial services and healthcare technology are unmatched. Founded in 1986 and headquartered in Windsor, Connecticut, the company is home to 22,000+ employees across 150 office locations in 35 countries globally. With 18,000+ clients across spanning the health and financial services industries, our customer’s needs and requirements are always at the forefront of our strategy.

Dice Id : 10185448
Position Id : R0003715
Originally Posted : 2 months ago

Similar Positions at SS & C Technologies Inc

Senior Software Engineer - InTest
  • Boston,
  • 17 hours ago
DevOps and Release Engineer
  • Waltham,
  • 17 hours ago
Sr. Software Engineer
  • Birmingham, AL
  • 17 hours ago