Application Security Engineer

| Chicago, IL | Hybrid
Sorry, this job was removed at 9:11 a.m. (CST) on Friday, January 14, 2022
Find out who's hiring in Chicago, IL.
See all Cybersecurity + IT jobs in Chicago, IL
Apply
By clicking Apply Now you agree to share your profile information with the hiring company.

JOB DESCRIPTION

Application Security Engineer (Donnelley Financial LLC; Chicago, IL): Functionally support product engineering and development teams to secure company’s SaaS products portfolio. Assess and understand the security posture and attack surface of all DFIN products, and for assistance in the development of the appropriate security controls. Conduct security assessments, security penetration testing, and validation of test results. Provide security insights to vulnerability scan/pen test results. Work closely with development teams to assess the security posture/risk of the product features being developed. Perform architectural risk analysis, threat modeling, secure design and source code review. Effectively manage relationship with external application security and penetration testing partners. Incorporate security tools and tasks into automated product development and deployment lifecycle (SAST/DAST/IAST integration into CI/CD pipeline). Provide expert knowledge and guidance to the product development teams about security vulnerabilities and applicable remediation paths. Serve as a critical resource to ensuring each DFIN product is developed in alignment with industry-leading Secure Product/Software Development standards. Participate in development of the DFIN Application Security Standards, best practices and associated metrics. 40 hrs/wk, 9:00 am – 5:00 pm. 

MINIMUM REQUIREMENTS

Master's degree in Computer Science or a related field and 3 years of related work experience.

Must also have at least 2 years of experience in each of the following:

  • Developing technical (XSS) and functional (fraud) abuse test cases;
  • Using CI/CD pipelines including tools and technologies such as Azure DevOps (former VSTS), Github, And Jenkins:
  • Applying OWASP security concepts to common application security risks including XSS, CSRF, SOL Injection, and Cookie Manipulation;
  • Utilizing vulnerability management and penetration testing tools such as NMAP, Core Security, Burp, Zap, Rapid7 Nexpose, Kali Linux, and Metasploit;
  • Demonstrating knowledge of NIST framework, Open Web Application Security Project (OWASP) and Open Source Security Testing Methodology Manual (OSSTMM);
  • Deploying fundamental application security building blocks such as: authenticatin, authorization, data validation, encryption, exception handling and logging; and
  • Utilizing SAST/DAST/IAST tools such as Checkmarx, Veracode, Rapid 7 AppSpider, IBM AppScan and HP/Microfocus Fortifty.

Must have at least 1 year of experience in the following:

  • Analyzing the inherent security risks of cloud platforms such as MS Azure and Amazon AWS and developing relevant security controls.

Up to 10% travel required. 100% telecommuting permitted. Applicant may reside anywhere in the U.S.A.

How to apply:

To apply, please visit https://jobs.dfinsolutions.com/ and search Job ID 2467.

This notice is provided as a result of the filing of an application for permanent alien labor certification for the relevant job opportunity, in compliance with 20 CFR 656.10(d). Any person may provide documentary evidence bearing on the application to the Certifying Officer of the U.S. Department of Labor holding jurisdiction over the location of the proposed employment. Contact information for these offices can be found on the Internet at:

http://www.foreignlaborcert.doleta.gov/contacts.cfm#npc

U.S. Department of Labor

Employment and Training Administration

Office of Foreign Labor Certification

200 Constitution Avenue NW, Room N- 5311

Washington DC 20210

Read Full Job Description
Apply Now
By clicking Apply Now you agree to share your profile information with the hiring company.

Technology we use

  • Engineering
    • C#Languages
    • JavaLanguages
    • PythonLanguages
    • SqlLanguages
    • jQueryLibraries
    • ReactLibraries
    • AngularFrameworks
    • Angular.JSFrameworks
    • ASP.NETFrameworks
    • KubernetesFrameworks
    • Node.jsFrameworks
    • TerraformFrameworks
    • DynamoDBDatabases
    • Microsoft SQL ServerDatabases
    • MongoDBDatabases
    • MySQLDatabases
    • NoSQLDatabases
    • SAP HANADatabases
    • TeradataDatabases
    • Microsoft AzureServices
    • New RelicServices

An Insider's view of DFIN

What projects are you most excited about?

In transforming and improving FinTech products, excitement comes from the challenge of knowing that the problems are complex, yet the solutions must be easy to use. When we start a new project, I can't wait to sink my teeth into understanding the problem space, talking to users, designing the solution, and seeing it through to release.

Dan

Principal Product Designer

What makes someone successful on your team?

Active and honest listening – Contrary to the stereotypical, extroverted sales rep, some of my most effective and insightful client interactions are when I do the least amount of talking, and the most active listening. Client insight is exponentially easier to excavate when you stop “pitching” – and start listening.

Carey

Senior Sales Representative

What is your vision for the company?

Our business plan reflects the change in products DFIN is selling today versus what we sell in five years. DFIN today is a company that offers a lot of professional services that we added software to, but the goal is to become a SaaS company that has services to support it.

Stephen

SVP, Global Head of Engineering

What does your typical day look like?

The role of a software engineer is really about creating computational systems and ensuring they behave as designed. My day-to-day is focused mostly on writing code that provides new functionality within our products that we see a need for in the market—and providing quality control to be certain it works properly.

Herve

Senior Software Engineer

What are DFIN Perks + Benefits

DFIN Benefits Overview

The world continues to change in ways we never expected, but there is one constant: your safety and well-being is a top priority, and DFIN has you covered with our benefits.

Culture
Volunteer in local community
Partners with nonprofits
Open door policy
OKR operational model
Team based strategic planning
Open office floor plan
Employee resource groups
Employee-led culture committees
Quarterly engagement surveys
Hybrid work model
Employee awards
Flexible work schedule
We value a work / life balance at DFIN.
Remote work program
We have partial and fully remote opportunities at DFIN.
Diversity
Documented equal pay policy
Dedicated diversity and inclusion staff
Highly diverse management team
Mandated unconscious bias training
Diversity manifesto
Diversity employee resource groups
Hiring practices that promote diversity
Diversity recruitment program
Health Insurance & Wellness Benefits
Flexible Spending Account (FSA)
Disability insurance
Dental insurance
Vision insurance
Health insurance
Life insurance
Wellness programs
Mental health benefits
Wellness days
Financial & Retirement
401(K)
401(K) matching
Company equity
Employee stock purchase plan
Performance bonus
Child Care & Parental Leave Benefits
Childcare benefits
Generous parental leave
Family medical leave
Family Medical Leave granted under the Family and Medical Leave Act (FMLA).
Adoption Assistance
Return-to-work program post parental leave
Vacation & Time Off Benefits
Unlimited vacation policy
Generous PTO
Paid holidays
Paid sick days
Flexible time off
Floating holidays
Bereavement leave benefits
Hardship benefits
Office Perks
Commuter benefits
Company-sponsored outings
Free snacks and drinks
Some meals provided
Company-sponsored happy hours
Onsite office parking
Employee parking available
Fitness stipend
Mother's room
Onsite gym
Professional Development Benefits
Job training & conferences
Lunch and learns
Promote from within
Mentorship program
Continuing education available during work hours
Online course subscriptions available
Customized development tracks
Paid industry certifications
Personal development training
Apprenticeship programs

Additional Perks + Benefits

DFIN has implemented a Employee Stock Purchase Program.

More Jobs at DFIN

Apply Now
By clicking Apply Now you agree to share your profile information with the hiring company.
Learn more about DFINFind similar jobs like this