Santander Holdings USA Inc
Associate, Information Security
Santander Holdings USA Inc, Dallas, Texas, United States, 75215
We are seeking a Cloud Application Security Tester to manage and operate security services that assess, prioritize, and mitigate information security and technology risks. This role involves conducting regular security assessments, vulnerability scans, and in-depth application security testing, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), API testing, and mobile security assessments. Utilizing tools like AWS GuardDuty, AWS Inspector, and AWS Config, the tester will analyze security issues, provide actionable remediation recommendations, and perform comprehensive web and mobile penetration testing. Ensuring compliance with OWASP Top Ten and CIS benchmarks for AWS, developing security policies, and managing security monitoring solutions with Splunk and SysDig are key responsibilities. The role also includes monitoring security alerts, conducting root cause analysis of incidents, and collaborating with development, QA, and operations teams to integrate security best practices into the SDLC.
Essential Functions/Responsibility Statements :
Conducts regular security assessments and vulnerability scans using tools such as AWS GuardDuty, AWS Inspector, and AWS Config.
Performs Static and Dynamic Application Security Testing (SAST and DAST) on web applications, APIs, and mobile applications to identify security risks and vulnerabilities.
Conducts web and mobile penetration testing to assess the robustness of applications and identify weaknesses.
Analyzes and interprets security issues identified by these tools, providing detailed and actionable recommendations for remediation.
Performs comprehensive code reviews to identify and mitigate potential vulnerabilities.
Ensures compliance with industry standards and frameworks, including OWASP Top Ten and CIS benchmarks for AWS.
Develops, maintains, and enforces security policies, procedures, and documentation to support compliance efforts.
Conducts thorough audits and assessments to ensure ongoing adherence to security policies and standards.
Implements and manages advanced security monitoring solutions using Splunk and SysDig.
Monitors security alerts and incidents, coordinating response efforts to effectively mitigate risks.
Conducts in-depth root cause analysis of security incidents and implements robust measures to prevent recurrence.
Collaborates closely with development, QA, and operations teams to integrate security best practices into the SDLC.
Stays abreast of the latest security trends, threats, and technologies.
Continuously improves security processes and controls to enhance the overall security posture of the organization.
Qualifications : To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Education : Bachelor's Degree or equivalent work experience
Work Experience : 5-9 years; Experience in Information security, Cloud governance, IT audit, or risk management.
Skills and Abilities :
Proficiency in AWS security tools such as AWS GuardDuty, AWS Inspector, and AWS Config.
Experience with application security testing tools for SAST, DAST, and penetration testing.
Experience conducting Security Code Reviews, API security testing and mobile application security assessments.
Strong understanding of compliance frameworks and standards such as OWASP Top Ten and CIS benchmarks for AWS.
Proficiency in security monitoring tools like Splunk and SysDig.
In-depth knowledge of application security principles and best practices.
Ability to analyze and mitigate security issues identified by various security tools.
Excellent analytical and problem-solving skills to identify and address security vulnerabilities.
Ability to conduct thorough risk assessments and develop effective mitigation strategies.
Strong communication and collaboration skills to work effectively with development, QA, operations, and compliance teams.
Ability to provide training and guidance on security and compliance best practices.
High attention to detail to ensure thorough analysis and accurate documentation.
Proactive approach to identifying and addressing security risks before they become critical issues.
Commitment to staying up-to-date with the latest security trends, threats, and technologies.
Diversity & EEO Statements: At Santander, we value and respect differences in our workforce and strive to increase the diversity of our teams. We actively encourage everyone to apply.
Santander is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, genetics, disability, age, veteran status, or any other characteristic protected by law.
Working Conditions: Frequent minimal physical effort such as sitting, standing and walking. Occasional moving and lifting of equipment and furniture is required to support onsite and offsite meeting setup and teardown. Physically capable of lifting up to fifty pounds, able to bend, kneel, climb ladders.
Employer Rights: This job description does not list all the job duties of the job. You may be asked by your supervisors or managers to perform other duties. You may be evaluated in part based upon your performance of the tasks listed in this job description. The employer has the right to revise this job description at any time. This job description is not a contract for employment and either you or the employer may terminate at any time for any reason.
Primary Location: Dallas, TX, Dallas
Other Locations: Texas-Dallas, Massachusetts-Quincy, Florida-Coconut Grove
Organization: Santander Holdings USA, Inc.