Sr. Information Security Engineer jobs in United States
cer-icon
Apply on Employer Site
company-logo

First Horizon Bank · 18 hours ago

Sr. Information Security Engineer

positionMemphis, TN
timeFull-time
remoteOnsite
senioritySenior Level
date5+ years exp

First Horizon Corporation is a leading regional financial services company dedicated to helping clients unlock their potential with capital and counsel. The Sr. Information Security Engineer role focuses on application security testing and vulnerability management, requiring collaboration with development and DevOps teams to enhance the security posture of enterprise applications.

BankingFinanceFinancial ServicesRisk Management
badNo H1Bnote

Responsibilities

Conduct SAST scans using Veracode to identify vulnerabilities in source code
Conduct SCA scans using Veracode to identify vulnerabilities in open-source components
Analyze scan results, identify root causes, and collaborate with developers to implement effective remediations
Work with CI/CD pipelines to integrate security testing into DevOps workflows
As-needed, conduct manual verification and secondary authenticated scans using Burp Suite to reduce false negatives
Understand and evaluate vulnerabilities in Java, .NET, Python, and other application codebases
Work with development teams to remediate security flaws in source code and follow secure coding practices
Provide guidance on OWASP Top 10 and SANS 25 vulnerabilities, including how they arise, how to exploit them, and how to prevent them
Able to perform scripting and coding in Java and Python as-needed for security engineering
Ensure required DAST, SAST, and SCA release and periodic scanning is occurring and that scans and findings are addressed within SLA
Review and approve false positives and mitigated-by-design requests for DAST, SAST, and SCA
Review and approve SDLC tasks (MME and SbD MUFG processes) for DAST, SAST, and SCA
Maintain compliance with NIST, PCI-DSS, FFIEC, SOX, CIS security frameworks
Store and organize security artifacts in archives, following standardized documentation practices
Work closely with developers, DevOps teams, and application owners to secure software at all stages of SDLC
Work with Security teams to deploy security tools as IAC
Stay updated on the latest exploitation techniques, security research, and industry best practices
Knowlegeable around securing cloud workloads and cloud instances within AWS, Google, and Azure
Support the Cyber Incident Response Team (CIRT) in the effective detection, analysis, and containment of attacks
Design, test and develop specific content and alerting to identify threats against their critical assets

Qualification

Application SecuritySecure CodingVulnerability ManagementDAST ToolsSAST ToolsJavaPythonCompliance FrameworksCI/CD PipelinesCloud SecurityScripting SkillsAnalytical MindsetCommunication SkillsCollaboration Skills

Required

Bachelor's degree in Computer Science, Cybersecurity, or related field (or equivalent experience)
5+ years of experience in Application Security, Secure Development, DAST, and SAST
Hands-on experience with DAST tools such as Veracode (Netsparker), AppScan, Burp Suite, Acunetix
Experience with SAST tools like Veracode and Fortify
Experience with Burp Suite performing manual testing
Strong knowledge of web security vulnerabilities (OWASP Top 10, SANS 25, MITRE ATT&CK)
Software development experience in Java, .NET, Python, or similar languages. Ability to perform scripting for security engineering
Familiarity with secure software development life cycle (SSDLC) and CI/CD pipelines
Familiar with compliance regulations such as SOX, PCI-DSS, GLBA, and Federal Banking regulations
Strong ability to collaborate with developers and provide security guidance in a constructive manner
Excellent communication skills, including technical reporting and vulnerability documentation
Analytical mindset with a passion for improving software security and reducing risk exposure

Preferred

Relevant security certifications (e.g., OSCP, OSWE, GWAPT, CEH) are highly desirable
Experience with cloud security (AWS, Azure, Oracle Cloud) is a plus
Scripting skills (Python, Bash, PowerShell) to automate security tasks
Produce weekly and monthly operational metrics
Work with vendors and internal customers to respond to escalations
Familiar with threat modeling and/or risk-based security testing techniques
Experience with EnCase
Experience with reverse engineering malware

Benefits

Medical with wellness incentives, dental, and vision
HSA with company match
Maternity and parental leave
Tuition reimbursement
Mentor program
401(k) with 6% match

Company

First Horizon Bank

twittertwittertwitter
Glassdoor3.6
company-logo
First Horizon Bank provides personal, business, and corporate banking, and private client services, to families and businesses.
dateFounded in 1864
location
Raleigh, North Carolina, USA
people-size5001-10000 employees
web-link
https://www.firsthorizon.com/pmc

Funding

Current Stage
Late Stage

Leadership Team

leader-logo
Hope Dmuchowski
Chief Financial Officer
linkedin
leader-logo
Ben Hopper
Senior Vice President, Head of Consumer Distribution and ATM Strategy
linkedin

Recent News

PR Newswire
Mike Holly Joins First Horizon Bank as Senior Vice President, Head of Deposit Product Management
2026-01-23
The Real Deal
HS Development’s Seabrook Town Centre finally breaks ground
2026-01-17
EIN Presswire
A Weekend of Brushstrokes, Beats & Breakthroughs Awaits at the Coconut Grove Arts Festival
2026-01-16
Company data provided by crunchbase