Sr. Application Security Engineer
- Requisition # 10047975-WD
- Job Type Full time
- Location New York, New York
- Date posted 11/05/2021
Your potential. Your opportunity.
Do you want your voice heard and your actions to count?
Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), the 5th largest financial group in the world. Across the globe, we’re 180,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.
With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.
Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.
The Senior Application Security Engineer reports directly to the Head of Information Security Engineering and Operations. As an expert in your field, you will apply data-driven models to define application security strategies that are customized to the business goals. You proactively engage with stakeholders to develop and continuously revise application security roadmaps. The detailed plans and realistic methods that you develop empowers the business to aggressively pursue initiatives while optimizing risk reduction. You are a champions of the organization’s information security aspirations who works as a servant leader to evolve and embed security considerations throughout the software development lifecycle.
Define application security strategies that are customized to the business goals
Develop secure software development lifecycle processes
Perform threat modeling on existing and upcoming applications
Perform static application security testing (SAST) of the code base on a regular basis
Perform dynamic application security testing (DAST) using open source and commercial tools
Identify and mitigate vulnerabilities originating from third party components
Review security alerts and reports and work closely with the DevOps team to design workflows
Provide secure system and software development training and best practices to the software engineering teams
Good to have’s
Familiar with Financial Services regulators, regulations and best practices (e.g. OCC, FRB, FFIEC, FINRA, SEC, IIROC, SOX, GLBA, GDPR)
Process improvement and procedure are documented and maintained per RCSA process
Experience with automation tools (e.g. TeamCity, Jenkins, Bamboo, GitLab, Kubernetes, Ansible, Chef, Puppet, Salt)
Experience in using scripting languages and deploying applications (e.g. Python, .Net, Java, Perl) to automate tasks and manipulate data
Excellent communication skills
Ability to explain complex security topics in simple terms
Ability to lead and manage multiple security initiatives
A good team player who is self-motivated and well organized
The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities duties and skills required of personnel so classified.
We are proud to be an Equal Opportunity/Affirmative Action Employer and committed to leveraging the diverse backgrounds, perspectives, and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate in employment decisions on the basis of any protected category.
Some MUFG roles require that individuals be fully vaccinated against COVID-19, subject to exemptions for medical or religious reasons, as well as any other reason required by applicable law or order. Should you be selected for an interview, your recruiter will provide additional information.