Application Security Engineer
WHAT IS THE OPPORTUNITY?
As a member of the Attack Surface Reduction team, you will be responsible for implementing and maintaining secure software development practices within our organization. You will work closely with software developers and other team members to ensure that our applications are secure, addressing security issues discovered during the secure development process. As security issues are uncovered, the Application Security Engineer communicates technical solutions to development teams with a focus on risk mitigation to improve business continuity.
The engineer is also responsible for assessing the security of internally developed, third-party developed, commercial off-the-shelf (COTS), and open-source software applications. This includes using automated and manual tools to verify vulnerability risk and perform penetration tests.
Additional responsibilities will include developing automated processes, training developers, deploying application security tools, developing remediation solutions, or finding solutions to other challenging problems related to application security.
WHAT YOU WILL BE DOING?
- Partner with development teams to verify automated scan and penetration testing results and design/select remediation approaches.
- Perform application penetration tests.
- Collaborate with other security teams such as security operations, red teams, threat intelligence and risk management to remediate vulnerabilities, understand risk, and reduce the attack surface.
- Interface with development teams to configure, perform, and validate the results of SAST, DAST, OSS, and penetration testing, and assist in selecting remediation solutions for those findings.
- Develop automated testing scripts, processes, testing tools, exploits, remediation notes, or attack vectors
- Consult, advise or oversee the secure design and configuration requirements of key application projects to ensure compliance with bank and regulatory standards
- Educate and train application teams on security topics and skills to build strong relationships within the development community
WHAT DO YOU NEED TO SUCCEED
Must-Have*
- Bachelor's Degree in Business, Computer Science or equivalent
- Minimum 5 years' experience in the Information/Cyber Security field
- Minimum 5 years' experience as an engineer or administrator of an enterprise security technology platform
Skills and Knowledge
- Experience in application security vulnerabilities, tools, and exploits
- A strong understanding of the OWASP top ten and other frameworks for application security
- Strong understanding of testing methodologies used for SAST, DAST, and OSS.
- Web development experience along with proficiency in common development tools such as Git and IDEs, and how security tools integrate with CI/CD pipelines
- Strong written and verbal communication skills, as well as the ability to work well with a diverse mix of stakeholders
- Experience with common development tools such as Git and IDEs
- Experience in developing alternative solutions to difficult problems
- Self-motivation with a strong desire to learn, improve skills and share knowledge with others.
- Security Certifications such as CISSP, OSCP, PenTest+, GWAPT.
- Pen Testing Experience
- Experience using vulnerability detection tools
- Experience exploiting vulnerabilities
- Threat modeling experience
- Experience with one or more enterprise security platforms
- Experience as an engineer in the design, implementation and support in a complete enterprise IT environment
- Knowledge of secure build and configuration standards in a highly regulated environment
- Excellent communication and interpersonal skills, including a strong ability to create positive and professional business relationships with partner engineering and architecture teams across IT
- Strong commitment to working as a team and providing excellent customer service.
- Bachelor's degree in business, computer science or related field preferred
- Security certifications (CISSP, GSEC, etc.) are preferred.
- System administration certifications (CCNA, MCSA, etc.) are preferred.
- Formalized training and mastery in a security platform or product
Compensation
Starting base salary: $92,114 - $156,880 per year. Exact compensation may vary based on skills, experience, and location. This job is eligible for bonus and/or commissions.
*To be considered for this position you must meet at least these basic qualifications
The preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.
Benefits and Perks
At City National, we strive to be the best at whatever we do, including the benefits and perks we offer our colleagues. Get an inside look at our Benefits and Perks.
INCLUSION AND EQUAL OPPORTUNITY EMPLOYMENT
City National Bank is an equal opportunity employer committed to diversity and inclusion. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status or any other basis protected by law.
ABOUT CITY NATIONAL
We start with a basic premise: Business is personal. Since day one we've always gone further than the competition to help our clients, colleagues and community flourish. City National Bank was founded in 1954 by entrepreneurs for entrepreneurs and that legacy of integrity, community and unparalleled client relationships continues to drive phenomenal growth today. City National is a subsidiary of Royal Bank of Canada, one of North America's leading diversified financial services companies.