Principal, Information Security - Application Security

Systems, Development, Lifecycle, Software, SDLC, Management, Research, Security, Application, Java, Python, Web
Full Time

Job Description


BNY Mellon-s Data and Analytics Solutions further extend Asset Servicing capabilities in securities and cash into the world-s most important -asset class,- data. As a software and content business, inclusive of Eagle Investment Systems- data management, accounting, and performance platform and Intermediary Analytics- sales and distribution data, the offering also includes a suite of new cloud-based products. An ecosystem of proprietary and third-party business applications are available to help firms manage their core investment process and beyond.
  • Team member contributing to the full-scope AppSec service (assess, discover, triage, communicate risk, advise on remediation and, where necessary, implement hotfixes/workarounds), collaborating with product owners, developers, and technical operations teams within both the Product Development Lifecycle (PDLC) and the Software Development Lifecycle (SDLC).
  • Continuous improvement and service delivery of the application security program, aligning staff, tools, and processes to key security metrics and controls within the PDLC/SDLC enabling timely and secure Product feature releases.
  • Provide application security guidance and oversight across Product Management, Research & Development, and Operations teams to influence the design and implementation of upcoming products and services with a mindset of "Security by Default".
  • Responsible for targeted product Application Security assessments and posture through security testing on applications using dynamic and static analysis tools and penetration testing for both internal / external managed services.
  • Design and deploy state-of-art technology to meet the business needs and interface with business units regarding technical planning and application security topics.
  • Perform proof-of-concept and proof-of-technology testing for integrating new 3rd party security products into the development and deployment processes.
  • Perform validation of security controls to ensure adherence to compliance requirements and industry best practices.
  • Perform hands-on security testing of products and services to proactively identify risks and track them to resolution.
  • Use a risk-based approach, advocate for and help prioritize remediation of security findings and develop/report metrics measuring the state of application security program.
  • Consults on a senior level and provides professional support for major components of the company's information security infrastructure. Contributes to the development and implementation of security architecture, standards, procedures and guidelines for multiple platforms in diverse system environments. Consults with the business and operational infrastructure personnel regarding new and existing technologies. Recommends new security tools to management and reports and provides guidance and expertise in their implementation. Reviews and analyzes highly complex data and information to provide insights, conclusions and actionable recommendations. Defines, implements, and applies area-wide security and/or COB policies and standards by leveraging in-depth knowledge of globally accepted information security and/or COB principles. Addresses high risk security concerns or incidents. Recommends course of action to mitigate risk and ensures that appropriate standards are established and published. Contributes to the achievement of area objectives.
  • Bachelor's degree in computer science or a related discipline, or equivalent work experience required, advanced degree preferred
  • 10-12 years of experience in information security or related technology experience required
  • Experience in the securities or financial services industry is a plus
  • 3+ years previous experience in information security and application security domains
  • 3+ years' experience working within software development supporting multiple languages (e.g., Java, Python, and Node) and an understanding of how to detect/remediate related security issues such as the OWASP Top 10
  • 3+ years' experience with DevSecOps tooling (e.g., SonarQube, ZAP/Burp, GitHub, Jenkins, Artifactory/Xray, web application firewalls (WAFs))
  • 1+ years' experience with public cloud (e.g., Azure, AWS, and Google Cloud Platform) technologies (e.g., Kubernetes, containers, databases as a service)
  • 1+ years' experience securing containers, hosts, databases, and application solutions for multi-tier and micro-service systems.
  • Strong knowledge of building security into continuous integration and delivery (CI/CD) pipelines.
  • Ability to understand business requirements and apply security without adversely affecting the desired functionality
  • High level of personal integrity, with the ability to professionally handle confidential matters, and reflect appropriate level of judgment as it pertains to security.
  • Relevant security certifications a plus (such as: GWAPT, GPEN, GCIH)
Dice Id : 91003102
Position Id : 2114550
Originally Posted : 3 months ago