Apply on Employer Site

Mechanics Bank · 17 hours ago

Application Security Engineer

United States

Full-time

Remote

Mid Level

$130K/yr - $170K/yr

3+ years exp

Mechanics Bank is currently searching for an Application Security Engineer to join their team. This role is responsible for securing the bank’s network and external-facing applications through continuous penetration testing, application code review, threat hunting, and vulnerability scanning, while also leading DevSecOps discussions and planning.

BankingFinancial ServicesWealth Management

Responsibilities

Defines security requirements for the implementation of new applications and projects: Serves as a security engineer/consultant on projects, works closely with the application development team to ensure coding follows security best practices, provides security guidance during the design and implementation phases to ensure robust security controls are integrated from the start

Performs continuous penetration testing: Effectively documents and reports findings, illustrating risks and requirements for resolution. Recommends and implements improvements based on testing outcomes

Leads security research on threats and remediation techniques and technology: Makes informed recommendations to Information Security and Information Technology teams, oversees the implementation of recommended security measures

Conducts security event analysis and intrusion detection (IDS/IPS): Leads incident response efforts, including triage, incident analysis/forensics, and remediation. Develops and refines incident response processes and playbooks

Serves on the Incident Response Team: Focuses on Computer Incident Response, coordinates with various teams to ensure a cohesive and effective incident response

Supports the Bank’s operational information security responsibilities, including the development and maintenance of standards, procedures, and guidelines necessary to satisfy the Information Security department’s network operations

Manages and enhances the bank’s network vulnerability management program: Regularly assesses and updates vulnerability management practices to ensure they meet current security standards and address emerging threats

Assists in conducting risk assessments to evaluate the effectiveness of existing controls and determine the impact of proposed changes to business processes, applications and systems

Provides technical support to regulatory agencies, external auditors, and internal auditors, as required, to respond to audits and examinations of the Bank’s control environment

Qualification

Application SecurityPenetration TestingThreat AnalysisIncident ResponseProgramming LanguagesScripting LanguagesVulnerability ManagementSecurity TechnologiesCommunication SkillsTeam Collaboration

Required

3 - 5 years' experience in application security, penetration testing, or a comparable role

Understanding of one or more of the following programming languages: C#, Angular JavaScript, T-SQL

Understanding of one or more scripting languages

Understanding of Linux, Windows, and Mac OS

Passion for automation and scripting (Python, Perl, Bash, PowerShell, etc.)

Strong technical skills with Microsoft Office; must have the ability to effectively communicate and write reports understandable to both business and technical staff

Threat analysis / Incident Response: interpreting events and analyzing network traffic

Mitigating and addressing threat vectors including XSS, broken authentication, SQL injections, SSRF, misconfigurations, insecure designs

Application vulnerabilities/penetration testing/remediation

Knowledge of current and upcoming IT security technologies

Awareness of the latest and common security threats (OWASP Top 10, OWASP for API)

Excellent ability to diagnose and troubleshoot accessibility issues

Skill in oral and written communication, including presentations to senior management

Ability to influence and work with employees at all levels of the organization

Preferred

Bachelor's Degree in a related field, or equivalent education, certifications, and experience

Industry Standard Certifications, such as: CompTIA CASP+; GIAC, EC-Council, (ISC)2, OSCP, CompTIA Linux+; ISC2 CISSP, CompTIA Network+

Benefits

Medical, prescription, dental, and vision coverage for employees and their eligible family members

Employer paid Employee Assistance Program, Life Insurance, AD&D, and Disability benefits

Health Savings Account with employer contribution

Healthcare and Dependent Care Flexible Spending Accounts and Commuter/Parking Benefit

401(k) and Roth 401(k) with company contribution

529 Education Savings plan, Tuition Reimbursement Program and Student Loan Assistance Program

Supplemental Health plans, Voluntary Legal and Identity Theft Services

11 paid holidays, paid Sick days (accrual of one hour for every 30 hours worked), up to 25 paid vacation days, and 16 hours of paid volunteer time throughout the calendar year

Free personal checking and savings account; Discounted rates on primary residence loan with $0 origination fees (restrictions apply)