Mission Federal Credit Union
Information Security - Application Security Engineer
Mission Federal Credit Union, San Diego, California, 92189
Are you passionate about Information Security and testing applications? Do you like to work collaboratively with other engineers, departments and stakeholders to manage app security? If this sounds interesting to you, below are a few more details. (This position has a hybrid schedule of 2 days a week in office. Must be local in San Diego County.)

The application security engineer is responsible for validating that application services are designed and implemented with high-security standards. The role analyzes the security of applications in tandem with their underlying services, including connected dependencies such as middle-tier systems and databases. Additionally, the application security engineer supports continuous integration and continuous deployment (CI/CD) initiatives and is an integrated team member working with software developers, system engineers, data architects, and systems administrators to drive system efficiencies.

What you will be doing:
- Build relationships with developers, engineers, scrum masters, and stakeholders to incorporate security principles into engineering design and deployments.
- Work in tandem with developers to provide repetitive validation testing before production while allowing for a continuous cycle of development followed by application security assessments.
- Perform vulnerability and penetration testing.
- Simplify automation that applies security interworkings with CI/CD pipelines and build services and tools to enable developers and engineers to easily use security components in their workflows.
- Fully define and follow a security review process to identify vulnerabilities in code through automated and manual assessments and promote quick remediation.
- Conduct testing and validation in application security controls across cross-departmental projects.
- Oversee implementation of defensive practices and countermeasures across infrastructure and applications.
- Communicate vulnerability results in a manner understood by technical and non-technical business units based on risk tolerance and threat to the business and gain support through influential messaging.
- Support the ability to shift left, incorporate security early on, and actively participate in application project meetings.
- Participate in the company's change management program.
- Research and learn new tactics, techniques, and procedures (TTPs) regularly in public and closed forums.
- Work with colleagues to assess risk and implement/validate controls as necessary through the CI/CD pipeline.
- Enrich DevOps architecture with security standards and best practices.
- Train developers and other team members on application security weaknesses to avoid.
- Develop security test plans from architectural design.
- Identify deficiencies and make enhancements to ensure production is not negatively impacted.
- Maintains in-depth knowledge of and complies with all Mission Fed, departmental and security policies and procedures, as well as federal regulations applicable to the position, including BSA requirements.
- Completes all required compliance training as assigned.
- Performs other duties as assigned.

What you need:

Education: A bachelor's degree in a related discipline or industry-recognized information security certificates with relevant experience is required. Certifications from ISC2 (CSSLP, CCSP), SANS (GWAPT), EC-Council (CEH), OSCP, or Microsoft (AZ-500) will be considered.

Experience: A minimum of 2 years of experience with a bachelor's degree or a minimum of 5 years of relevant experience along with industry-recognized certifications in lieu of a bachelor's degree. The candidate should have highly technical experience, a DevOps background in public and private clouds, and working knowledge of OWASP, NIST CSF, and CIS frameworks and threat modeling methodologies such as STRIDE.
Skills & Abilities:
- Highly technical and analytical experience, with a proven deep background in application programming.
- Proficiency in software development (Java, .NET, Python, C++, Ruby, etc.).
- Capable of scripting in Python, Bash, Perl, or PowerShell.
- Experience in threat modeling applications.
- Vulnerability and penetration-testing skills.
- Experience with agile workflows, including Scrum and Kanban.
- Experience with operation and security across Microsoft Azure or Amazon Web Services (AWS).
- Solid understanding of OWASP, CVSS, the MITRE ATT&CK framework and the software development lifecycle (SDLC).
- Experience with dynamic and static analysis tools.
- SQL database experience.
- Excellent verbal and technical written communication skills.
- Demonstrates solid organizational skills and the ability to multi-task and prioritize workload.
- Possesses high integrity and trustworthiness and represents the company and its management team at the highest level of professionalism.
- Strong interpersonal and relationship-building skills are essential.
- Must be self-motivated and self-directed and be available to work a schedule involving after-hours and weekend work as needed.

WHAT WE OFFER:
- Hybrid environment. Remote up to 2-3 days a week. (Some weeks may require more onsite days based on what's happening in the business.)
- An opportunity to grow your career at San Diego's 2 employer
- A chance to make a difference for the greater good at a hyper-local company. We love SD
- 18 days of PTO in your first year plus 12 holidays a year
- 6% 401(k) match
- Full benefits package including medical, dental, vision, life insurance, etc.

Critical features of this job are described under the headings above. They may be subject to change at any time due to reasonable accommodation or other reasons. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential job functions.

We expect to pay between $117,000.00 - $140,000.00 for this opportunity.
Actual base pay within this range will be determined by several components, including but not limited to, relevant experience, internal equity, skills, qualifications, and other job-related factors permitted by law.

Your privacy is very important to Mission Federal Credit Union. The California Consumer Privacy Act ("CCPA")/California Privacy Rights Act ("CPRA") requires Mission Federal Credit Union to inform California residents, including job applicants, of the categories of personal information we collect and the purpose for which the personal information will be used. This job applicant notice and the CCPA/CPRA notice provide the disclosures required by the CCPA/CPRA and apply only to applicants who are subject to the CCPA/CPRA.

Mission Federal Credit Union is an Equal Opportunity Employer. All applicants will receive consideration without regard to race, sex, color, creed, religion, age, marital status, sexual orientation, national origin, physical or mental disability, veteran status, or any other class protected by law.