Capital Group
Application Security Engineer II
Capital Group, New York, New York, us, 10261
“I can succeed as an Application Security Engineer at CG”
As the Application Security (“AppSec”) Engineer you are an individual contributor in the Capital Group (CG) AppSec team. The CG AppSec team is part of Information Security in CG’s Information Technology Group. In the role you will be reviewing architectures, performing threat models, conducting code reviews, validating cloud configurations, and validating the DAST, SAST, and SCA findings for web applications. You will collaborate with penetration testers as appropriate and create POCs for DAST tooling where required. The team members are geographically dispersed with varying experience levels. You will help the teams understand how to fix issues and provide best practices or appropriate compensating controls. In this role, you will be using threat modeling tools, static analysis tools, and cloud configuration tools. If you are good at software security, this role is for you. This role is hybrid (in-office 3 days/week) and can be in Los Angeles CA, Irvine CA, San Antonio TX, or New York NY depending on candidate current location and/or preference.
A typical day in the life of the AppSec engineer may look like the following:
You will be performing AppSec reviews including threat modeling and code reviews.
You will meet with the software development teams to understand new applications they are building and provide them with feedback on their architecture.
You will leverage SAST, DAST, SCA tools to create findings and translate them to severity of risks in Capital Group’s technology environment.
You will write clear, succinct, and effective technical documentation summarizing your findings, risks, and recommendations.
You will write automated proof-of-concepts and automated security tests by authoring security testing tools where needed.
You will collaborate with technology stakeholders and advise on risks for technology solutions such as SaaS services and how they integrate with CG’s environment.
You will communicate effectively and have an empathetic outlook towards development teams by authoring clear, actionable guidance on writing secure code.
You will effectively present to development teams, educating them on secure development.
“I am the person Capital Group is looking for.”
You have a bachelor's degree in computer science, a related field, or equivalent experience and 2 years of experience or more.
You understand threat modeling, code reviews, network security, TCP/IP, DNS, TLS, HTTP, etc.
You have experience with technologies such as Threat modeler/Threat Dragon, Scoutsuite, Veracode, Checkmarx, Netsparker, and DAST scanners like Burpsuite.
You have the ability to automate tasks in Python, Bash, Java, C/C#/C++, Rust, etc.
You have a strong understanding of attacks in AWS, Azure, and OAuth.
You have excellent communication skills (written, oral), with the ability to simplify and document complex technical details to both technical and non-technical audiences.
You can learn quickly and have a track record of developing a deep understanding of systems and risks to the business.
You can work independently and take the initiative to drive security initiatives forward.
You can juggle multiple tasks and coordinate/delegate to achieve speedy resolutions to application security-related incidents working with Security operations.
Southern California Base Salary Range: $103,977-$166,363
San Antonio Base Salary Range: $85,477-$136,763
New York Base Salary Range: $110,221-$176,354
In addition to a highly competitive base salary, per plan guidelines, restrictions, and vesting requirements, you also will be eligible for an individual annual performance bonus, plus Capital’s annual profitability bonus plus a retirement plan where Capital contributes 15% of your eligible earnings.
You can learn more about our compensation and benefits here.
Temporary positions in Canada and the United States are excluded from the above-mentioned compensation and benefit plans.
We are an equal opportunity employer, which means we comply with all federal, state, and local laws that prohibit discrimination when making all decisions about employment. As equal opportunity employers, our policies prohibit unlawful discrimination on the basis of race, religion, color, national origin, ancestry, sex (including gender and gender identity), pregnancy, childbirth and related medical conditions, age, physical or mental disability, medical condition, genetic information, marital status, sexual orientation, citizenship status, AIDS/HIV status, political activities or affiliations, military or veteran status, status as a victim of domestic violence, assault or stalking or any other characteristic protected by federal, state, or local law.
#J-18808-Ljbffr
As the Application Security (“AppSec”) Engineer you are an individual contributor in the Capital Group (CG) AppSec team. The CG AppSec team is part of Information Security in CG’s Information Technology Group. In the role you will be reviewing architectures, performing threat models, conducting code reviews, validating cloud configurations, and validating the DAST, SAST, and SCA findings for web applications. You will collaborate with penetration testers as appropriate and create POCs for DAST tooling where required. The team members are geographically dispersed with varying experience levels. You will help the teams understand how to fix issues and provide best practices or appropriate compensating controls. In this role, you will be using threat modeling tools, static analysis tools, and cloud configuration tools. If you are good at software security, this role is for you. This role is hybrid (in-office 3 days/week) and can be in Los Angeles CA, Irvine CA, San Antonio TX, or New York NY depending on candidate current location and/or preference.
A typical day in the life of the AppSec engineer may look like the following:
You will be performing AppSec reviews including threat modeling and code reviews.
You will meet with the software development teams to understand new applications they are building and provide them with feedback on their architecture.
You will leverage SAST, DAST, SCA tools to create findings and translate them to severity of risks in Capital Group’s technology environment.
You will write clear, succinct, and effective technical documentation summarizing your findings, risks, and recommendations.
You will write automated proof-of-concepts and automated security tests by authoring security testing tools where needed.
You will collaborate with technology stakeholders and advise on risks for technology solutions such as SaaS services and how they integrate with CG’s environment.
You will communicate effectively and have an empathetic outlook towards development teams by authoring clear, actionable guidance on writing secure code.
You will effectively present to development teams, educating them on secure development.
“I am the person Capital Group is looking for.”
You have a bachelor's degree in computer science, a related field, or equivalent experience and 2 years of experience or more.
You understand threat modeling, code reviews, network security, TCP/IP, DNS, TLS, HTTP, etc.
You have experience with technologies such as Threat modeler/Threat Dragon, Scoutsuite, Veracode, Checkmarx, Netsparker, and DAST scanners like Burpsuite.
You have the ability to automate tasks in Python, Bash, Java, C/C#/C++, Rust, etc.
You have a strong understanding of attacks in AWS, Azure, and OAuth.
You have excellent communication skills (written, oral), with the ability to simplify and document complex technical details to both technical and non-technical audiences.
You can learn quickly and have a track record of developing a deep understanding of systems and risks to the business.
You can work independently and take the initiative to drive security initiatives forward.
You can juggle multiple tasks and coordinate/delegate to achieve speedy resolutions to application security-related incidents working with Security operations.
Southern California Base Salary Range: $103,977-$166,363
San Antonio Base Salary Range: $85,477-$136,763
New York Base Salary Range: $110,221-$176,354
In addition to a highly competitive base salary, per plan guidelines, restrictions, and vesting requirements, you also will be eligible for an individual annual performance bonus, plus Capital’s annual profitability bonus plus a retirement plan where Capital contributes 15% of your eligible earnings.
You can learn more about our compensation and benefits here.
Temporary positions in Canada and the United States are excluded from the above-mentioned compensation and benefit plans.
We are an equal opportunity employer, which means we comply with all federal, state, and local laws that prohibit discrimination when making all decisions about employment. As equal opportunity employers, our policies prohibit unlawful discrimination on the basis of race, religion, color, national origin, ancestry, sex (including gender and gender identity), pregnancy, childbirth and related medical conditions, age, physical or mental disability, medical condition, genetic information, marital status, sexual orientation, citizenship status, AIDS/HIV status, political activities or affiliations, military or veteran status, status as a victim of domestic violence, assault or stalking or any other characteristic protected by federal, state, or local law.
#J-18808-Ljbffr