Application Security Engineer

If you’re looking for a meaningful career, you’ll find it here at Webster. Founded in 1935, our focus has always been to put people first--doing whatever we can to help individuals, families, businesses and our colleagues achieve their financial goals. As a leading commercial bank, we remain passionate about serving our clients and supporting our communities. Integrity, Collaboration, Accountability, Agility, Respect, Excellence are Webster’s values, these set us apart as a bank and as an employer.Come join our team where you can expand your career potential, benefit from our robust development opportunities, and enjoy meaningful work!As an Application Security Engineer, you will play a vital role in safeguarding our organization's applications and data. Your expertise will help us maintain a robust security posture and ensure the trust of our users and stakeholders.The primary function for this position is to ensure that applications and services are secured and implemented with best security practices. As an Application Security Engineer, you will be responsible for designing, implementing, and maintaining security measures for our organization's applications and software systems. You will work closely with development teams to integrate security practices throughout the software development lifecycle (SDLC) and ensure that our applications are protected against potential threats and vulnerabilities. You will help manage the application security program, define standards, policies, and procedures, and coordinate with engineering teams to implement and maintain security platforms.Key ResponsibilitiesSecurity Assessment and ImplementationConduct security-focused code reviews and application security assessmentsPerform threat modeling and risk assessments for new and existing applicationsImplement and maintain security controls, including authentication, authorization, and encryption mechanismsDevelop and oversee secure code analysis programs in conjunction with development teamsVulnerability ManagementIdentify and assess security vulnerabilities in applications and systemsLead the remediation of application vulnerabilities discovered through scanning and security testingHelp manage the organization's vulnerability intake and remediation processCollaboration and GuidanceWork closely with development teams to integrate security best practices into the SDLCProvide guidance and training on secure coding practices and application securityCollaborate with IT professionals to harden systems and applicationsSecurity Architecture and DesignAssist in designing secure application architectures and infrastructureEvaluate and provide recommendations on third-party applications and servicesContribute to the development of security policies, standards, processes, and proceduresContinuous Improvement and ResearchStay up-to-date with the latest security threats, trends, and countermeasuresResearch and analyze application behaviors to improve security and stabilityContribute to the evolution of the organization's application security functions and servicesRequired QualificationsBachelor's degree in Computer Science, Information Security, or a related field5+ years of experience in cybersecurity, application security, or a similar IT roleStrong understanding in security engineering, system and network security, authentication and security protocols, cryptography, and application securityStrong understanding of web application security, including OWASP Top 10 vulnerabilitiesProficiency in secure coding practices and common programming languages (e.g., .NET, Java, Python)Experience with security testing tools and methodologies (e.g., SAST, SCA, DAST, penetration testing)Familiarity with compliance regulations and industry security standardsExcellent problem-solving and analytical skillsStrong communication skills and ability to work effectively in cross-functional teamsPreferred QualificationsRelevant security certifications (e.g., CISSP, GIAC, CCNA)Experience with cloud security and containerization technologiesKnowledge of DevSecOps practices and CI/CD pipelinesFamiliarity with threat modeling methodologies and risk assessment frameworksExperience with advanced persistent threats, phishing and social engineering, network access controllers (NAC), gateway anti-malware and enhanced authenticationKey CompetenciesAttention to detail and strong analytical thinkingAbility to work in a fast-paced, dynamic environmentExcellent written and verbal communication skillsProactive approach to identifying and addressing security issuesContinuous learning mindset to stay updated on emerging security threats and technologiesThe estimated salary range for this position is $115,000 to $130,000. Actual salary may vary up or down depending on job-related factors which may include knowledge, skills, experience, and location. In addition, this position is eligible for incentive compensation.All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.

#J-18808-Ljbffr