We are seeking highly collaborative, creative and intellectually curious engineers who are passionate about forming and implementing cutting-edge security controls in the cloud. Candidates should be comfortable working in a fast-paced DevOps environment.
RESPONSIBILITIES AND QUALIFICATIONS
As a Security Engineer in Commercial Banking, you will be responsible for securing the applications (Web/API/Mobile) managed by the business unit.
The position is hands-on and requires close collaboration with Product Management Engineering, Program Management, and Dev Ops teams.
In addition to developing / maintaining / operating / integrating security Infrastructure, you will act as a security advisor to architects, developers, analysts and others to ensure we embed security into the platform.
Drive adoption of embedded application security controls as part of the Software Development Life Cycle (SDLC) in Agile methodology
Automate security test cases for continuous controls monitoring
Review requirements / architecture to ensure security and privacy by design
Secure Code Reviews and Penetration Testing
Serve as an advisor for security related product features like authentication, cryptography, etc
10 years’ experience in application security or related fields and risk analysis techniques
Expert knowledge of application security best practices including OWASP and CWE
Strong software engineering background; programming experience in Java and Python preferred
Secure software development practices and frameworks
Security testing methodologies, tools and techniques with understanding of common application security vulnerabilities and controls to remediate
Hands-on experience with web application Penetration Testing
Hands-on experience with cloud security/designing secure systems on AWS technical solutions using Open ID Connect, OAuth2.0 , MTLS etc.
Experience working in a Linux environment, including system engineering, high availability design, performance analysis, network troubleshooting.
Knowledge of container technologies: Docker and Kubernetes.
Experience using infrastructure as code tools (e.g. Terraform, CloudFormation)