Application Security Engineer

Waltham, MA, United States

Commonwealth Financial Network The largest privately held RIA-independent broker/dealer ranking highest in advisor satisfaction. We are the RIA-B/D that puts you first. View company page

If you’re looking for a high-energy, inclusive atmosphere and a company that understands the importance of work/life balance, Commonwealth is your match! From generous bonus and 401(k) programs to tuition reimbursement and flexible work schedules, Commonwealth is focused on helping its employees thrive in an environment suited to their needs. On top of all that, the Information Security department offers a hybrid work schedule, so you’ll be able to work from home for part of the week!

We’re looking for an application security engineer to join our ranks. As a Commonwealth application security engineer, you will be a key member of theInformation SecurityEngineering team. You will use your strong understanding of applications, servers, security solutions, and design and development processes to enable and deliver resilient and secure applications. You will work collaboratively with the Information Security, development, QA, and database teams to ensure that solutions and services are designed and adopted effectively.

Key Responsibilities

Reviewing, designing, and integrating security in the software development lifecycle process

Collaborating with development and operations teams to integrate security into the entire application development lifecycle through DevSecOps practices

Developing and improving the organization's security policies and standards

Performing manual and automated analysis on applications using open source and custom tools and scripts

Analyzing processes and toolsets used by the developers and database teams to ensure the security of the environment

Partnering with the application and QA teams to ensure risk is identified and remediated.

Developing custom dashboards and reporting on the state of security in the application environment

Proactively testing applications using static and dynamic application testing (SAST and DAST)

Liaising with application development team to identify application components and recommend safe use of components using SCI solutions

Performing regular security assessments, vulnerability scanning, and penetration testing; work with TVM team to understand application security vulnerabilities and own remediation.

Creating secure coding recommendations and develop best practices and guidelines for the development teams

Assisting with creating security training for the Application, Development, and QA teams

Core Strengths and Skills

Strong knowledge and understanding of application development frameworks and processes

Hands-on experience with vulnerability assessment and penetration testing tools

Strong scripting skills with Powershell and Python for automation and integration

Strong experience with Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) tools and methodologies

Experience with web application security penetration testing

Comfortable with DevSecOps enablers such as Terraform (policies), Docker, Kubernetes, and secret stores such as Hashicorp Vault and Azure Key Vault

Experienced with Azure DevOps (ADO) pipeline scripting

Experience with OWASP manual and automated security scanning

Familiarity with common security libraries, controls, and common security flaws and patches

Ability to stay positive andadapt quickly to changing business models, project requirements, andtechnologies

Strong communication, consultative, influencing, and presentationskills

AdditionalDesirableSkills and Knowledge

Bachelor’s degree in information systems or a related discipline, or equivalent training

5+ years of related work experience in Application Security role

Technical expertiseinAzure Cloud and DevOps

Understanding the best practices, control frameworks, and applicable existing and new legal/regulatory requirements (SEC S-P Rule, FINRA cybersecurity recommendations, data privacy, and breach notification laws, ISO 27001, NIST CSF and SP 800-53, CIS, CSA CCM, PCI DSS, and others)

Security-related certifications such as OSCP, GCIH, CEH, GCIA, GPEN, GPPA

Have we piqued your curiosity? Can you see yourself thriving in this opportunity?

Picture Yourself Here

At Commonwealth, we believe in a better world. We hold ourselves and each other to higher standards. We take care of one another. That’s why we invest in you—we encourage employee growth both in your career and education; we are building out a robust diversity, equity, and inclusion program; we offer incredible healthcare benefits; and we find plenty of occasions to celebrate. What’s not to love?

We are always striving to be better, and we are looking for employees who share that same mindset. Better people, better coworkers, better leaders, better creators. Bring your best work and your full self to the table, and we will do the same. Together, we can build a better future for our advisors, their clients, our company, and you.

About Commonwealth

Commonwealth Financial Network, Member FINRA/SIPC, a Registered Investment Adviser, provides a suite of business solutions that empowers more than 2,000 independent financial advisors nationwide. Privately held since 1979, the firm has headquarters in Waltham, Massachusetts, and San Diego, California.

Turning our advisors into raving fans starts by doing the same for our employees. We foster an environment of excellence, growth, rewards, and fun in equal measure, which has earned us 44 Best Place to Work awards.

The Fine Print

We care about your online safety as a prospective employee and encourage you to exercise caution when responding to job postings online. Commonwealth will never ask potential hiring candidates to pay or transfer funds as a precondition of interviews or employment, nor will we authorize recruiters or agents to do so on our behalf.

Commonwealth is an equal opportunity employer, making intentional efforts to source talent from all backgrounds.

Explore more InfoSec / Cybersecurity career opportunities Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.

#J-18808-Ljbffr