Unavailable
Senior AppSec and Vulnerability Management
Unavailable, San Marino, California, us, 91118
IntroductionSince 1973, East West Bank has served as a pathway to success. With over 120 locations across the U.S. and Asia, we are the premier financial bridge between the East and West. Our teams of experienced, multi-cultural professionals help guide businesses and community members on both sides of the Pacific looking to explore new markets and create new opportunities, and our sustained growth and expertise in industries like real estate, entertainment and media, private equity and venture capital, and high-tech help build sustainable businesses and expand our associates’ potential for career advancement. Headquartered in California, East West Bank (Nasdaq: EWBC) is a top performing commercial bank with an exclusive focus on the U.S. and Greater China markets. With a strong foundation, and enterprising spirit and a commitment to absolute integrity, East West Bank gives people the confidence to reach further.
OverviewThe Senior Cyber Security Engineer – AppSec and Vulnerability Management will participate in establishing and maintaining a corporate wide Cyber Security management program to ensure that information assets are adequately protected. We are seeking a highly skilled Application Security Engineer with strong background in both API, application security assessment, and experience with web application firewalls. This role will be responsible for ensuring the security of our applications and APIs, and will play a critical role in protecting our systems and data from threats.
As an East West Bank employee, the Cyber Security engineer will be part of a growing and stable organization that provides career path development opportunities while serving a growing and profitable market.
The Cyber Security Engineer will work with senior members of the team to enhance and mature the security operations program.
ResponsibilitiesApplication Security
Technical lead in securing software applications and ensuring they are resistant to security threats. Develop strategies and plans to achieve security requirements and address identified risks.
Implement and maintain security measures to protect applications from threats. Ensure compliance with security standards and best practices.
Stay updated on the latest application security threats and mitigation techniques.
Perform security testing and vulnerability assessments to identify security strengths and weaknesses, to assess, maintain and troubleshoot vulnerability management infrastructure.
API Security Assessment:
Conduct regular API security assessment to identify vulnerabilities and risks. Develop and implement strategies to mitigate identified risks.
Application Security Assessment:
Perform comprehensive security assessments of our applications to identify potential vulnerabilities and risk. Develop and implement effect strategies to address these risks.
Conduct security reviews and assessments of application code to identify vulnerabilities.
Perform static and dynamic code analysis to identify security flaws. o Collaborate with software development teams to integrate security into the software development lifecycle.
Remediate security issues found in applications through code fixes or configuration changes.
Web Application Firewall (WAF)
Implement and manage WAF rules and policies. Monitor WAF logs and alerts to identify and respond to security threats.
Threat Modeling:
Identify potential threats and vulnerabilities in the application design phase. Develop strategies to mitigate these threats.
Security Training:
Provide training and guidance to development teams on secure coding practices and API security.
Incident Response:
Participate in incident response and forensic analysis in the event of a security breach.
Other:
Customer Service: support stakeholders’ vulnerability questions and inquiries.
Work with technologists to optimize vulnerability detection capabilities.
Perform scans with vulnerability scanners and DAST scanners.
WAF Management: Configure, manage, and fine-tune WAF policies to protect web applications from threats and attacks. Monitor WAF logs and alerts to respond to and mitigate potential security incidents.
Collaboration and Communication: Work closely with development, operations, and other IT teams to promote a security-first culture. Communicate security risks and recommendations effectively to technical and non-technical stakeholders.
Reporting: prepare regular reports on KRI and KPIs.
InfoSec Lead in vulnerability management remediation efforts including analyzing findings from network scanners and application security tools
Support the vulnerability management program by reviewing and inputting approved exceptions in vulnerability management solution.
Qualifications
A Bachelor’s degree in Information Technology, Computer Science, or Cyber Security related field.
5+ years of IT and Application security experience
Proven experience in application security, specifically with API and application security assessment, and web application firewalls.
Knowledge of security frameworks, standards, and best practices.
Analytical and problem-solving mindset. Strong understanding of threat modeling and risk assessment techniques.
Proven trustworthiness and history of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating well.
Highly organized and efficient. Ability to work independently and as part of a team in a fast-paced, dynamic environment.
Experience with ApSec tools such as SAST, DAST, IAST, API security, WAF, etc.
Proficient use of application testing tool (Veracode, GitHub Advanced Security, Data Theorem, Burp Suite, AppSpider, etc); WAF protection solutions such as Signal Science, Imperva, or Cloud based WAF, and API security tools.
Proficient use of various tool and techniques including vulnerability management such as Insight VM/Nexpose, Nessus, Qualys, Tenable Vulnerability Management
Documentation: ability to document processes, requirements, and changes.
Experience with Linux and Pentesting tools.
Experience with Vulnerability Management and network scanners.
Excellent communication and interpersonal skills, with the ability to collaborate effectively with stakeholders at all levels of the organization.
Strong analytical and problem-solving abilities, with a keen attention to detail and a commitment to excellence.
Demonstrates strong analytical skills and is effective at interpreting and applying applicable regulations.
Preferred Certifications & Skills:
Certification such as CEH, CSSLP, CISSP , CISA, or CVA
Experience with scripts and programming languages such as node.js, Java, Python.
Familiarity with cloud environments like AWS, Azure, or GCP.
Compensation
The base pay range for this position is USD $120,000.00/Yr. - USD $150,000.00/Yr. Exact offers will be determined based on job-related knowledge, skills, experience, and location.
OverviewThe Senior Cyber Security Engineer – AppSec and Vulnerability Management will participate in establishing and maintaining a corporate wide Cyber Security management program to ensure that information assets are adequately protected. We are seeking a highly skilled Application Security Engineer with strong background in both API, application security assessment, and experience with web application firewalls. This role will be responsible for ensuring the security of our applications and APIs, and will play a critical role in protecting our systems and data from threats.
As an East West Bank employee, the Cyber Security engineer will be part of a growing and stable organization that provides career path development opportunities while serving a growing and profitable market.
The Cyber Security Engineer will work with senior members of the team to enhance and mature the security operations program.
ResponsibilitiesApplication Security
Technical lead in securing software applications and ensuring they are resistant to security threats. Develop strategies and plans to achieve security requirements and address identified risks.
Implement and maintain security measures to protect applications from threats. Ensure compliance with security standards and best practices.
Stay updated on the latest application security threats and mitigation techniques.
Perform security testing and vulnerability assessments to identify security strengths and weaknesses, to assess, maintain and troubleshoot vulnerability management infrastructure.
API Security Assessment:
Conduct regular API security assessment to identify vulnerabilities and risks. Develop and implement strategies to mitigate identified risks.
Application Security Assessment:
Perform comprehensive security assessments of our applications to identify potential vulnerabilities and risk. Develop and implement effect strategies to address these risks.
Conduct security reviews and assessments of application code to identify vulnerabilities.
Perform static and dynamic code analysis to identify security flaws. o Collaborate with software development teams to integrate security into the software development lifecycle.
Remediate security issues found in applications through code fixes or configuration changes.
Web Application Firewall (WAF)
Implement and manage WAF rules and policies. Monitor WAF logs and alerts to identify and respond to security threats.
Threat Modeling:
Identify potential threats and vulnerabilities in the application design phase. Develop strategies to mitigate these threats.
Security Training:
Provide training and guidance to development teams on secure coding practices and API security.
Incident Response:
Participate in incident response and forensic analysis in the event of a security breach.
Other:
Customer Service: support stakeholders’ vulnerability questions and inquiries.
Work with technologists to optimize vulnerability detection capabilities.
Perform scans with vulnerability scanners and DAST scanners.
WAF Management: Configure, manage, and fine-tune WAF policies to protect web applications from threats and attacks. Monitor WAF logs and alerts to respond to and mitigate potential security incidents.
Collaboration and Communication: Work closely with development, operations, and other IT teams to promote a security-first culture. Communicate security risks and recommendations effectively to technical and non-technical stakeholders.
Reporting: prepare regular reports on KRI and KPIs.
InfoSec Lead in vulnerability management remediation efforts including analyzing findings from network scanners and application security tools
Support the vulnerability management program by reviewing and inputting approved exceptions in vulnerability management solution.
Qualifications
A Bachelor’s degree in Information Technology, Computer Science, or Cyber Security related field.
5+ years of IT and Application security experience
Proven experience in application security, specifically with API and application security assessment, and web application firewalls.
Knowledge of security frameworks, standards, and best practices.
Analytical and problem-solving mindset. Strong understanding of threat modeling and risk assessment techniques.
Proven trustworthiness and history of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating well.
Highly organized and efficient. Ability to work independently and as part of a team in a fast-paced, dynamic environment.
Experience with ApSec tools such as SAST, DAST, IAST, API security, WAF, etc.
Proficient use of application testing tool (Veracode, GitHub Advanced Security, Data Theorem, Burp Suite, AppSpider, etc); WAF protection solutions such as Signal Science, Imperva, or Cloud based WAF, and API security tools.
Proficient use of various tool and techniques including vulnerability management such as Insight VM/Nexpose, Nessus, Qualys, Tenable Vulnerability Management
Documentation: ability to document processes, requirements, and changes.
Experience with Linux and Pentesting tools.
Experience with Vulnerability Management and network scanners.
Excellent communication and interpersonal skills, with the ability to collaborate effectively with stakeholders at all levels of the organization.
Strong analytical and problem-solving abilities, with a keen attention to detail and a commitment to excellence.
Demonstrates strong analytical skills and is effective at interpreting and applying applicable regulations.
Preferred Certifications & Skills:
Certification such as CEH, CSSLP, CISSP , CISA, or CVA
Experience with scripts and programming languages such as node.js, Java, Python.
Familiarity with cloud environments like AWS, Azure, or GCP.
Compensation
The base pay range for this position is USD $120,000.00/Yr. - USD $150,000.00/Yr. Exact offers will be determined based on job-related knowledge, skills, experience, and location.