Create a Job Alert.

Enter your email below to save this search and receive job recommendations for similar positions.
Thank you. We'll send jobs matching these to
You already suscribed to this job alert.
US
0 suggestions are available, use up and down arrow to navigate them
What job do you want?

Application Security Engineer job in Charlotte at Bank of America

Create Job Alert.

Get similar jobs sent to your email

List of Jobs

Apply to this job.
Think you're the perfect candidate?
Application Security Engineer at Bank of America

Application Security Engineer

Bank of America Charlotte, NC Full Time

Job Description:

Job Description and Responsibilities

This role is for an individual contributor to backfill an engineering position in the Developer Security Platform team.  The team provides SAST, DAST and IAST solutions to enterprise security control groups and the developer community enterprise wide.

The immediate responsibility of the successful candidate will be to join the team in supporting the enterprise SAST solution - Checkmarx CxSAST.  Participation in other projects underway or planned could include the bank’s enterprise security pipeline, implementation of a new software composition analysis (SCA) product; implementing automated IAST capability in QA; re-designing self-service DAST offerings.  Future proof of concept evaluation on new products which could become projects, in partnership with R&D, should also be expected.

Team members manage the deployed products from a traditional application support standpoint, through established processes for performance monitoring, capacity utilization, exception analysis and similar tasks.  Operation of the tools is performed by separate teams.  Live support is provided to operations teams using the products to assess applications and also enterprise developers seeking to automate and integrate the products into their SDLC.

Job Preparation

There are two demonstrated success paths to this role:

Application Developer

This person is a top performer in an enterprise application development role.  They have some professional exposure to application security and/or have taken demonstrable steps to move into an application security role.  Exposure can be in the form of exercising application security products or remediating results from a central security group’s assessment of their application.  Candidates will have current practitioner level skills in enterprise level SDLC tools and processes.

Application Security Engineer

This person has dedicated security experience, either imbedded in an application development organization or central security group.  They have been directly responsible for working with developers to remediate code vulnerabilities from SAST, DAST and/or IAST results. Candidates will have team experience in selecting, implementing and managing application security tools on an enterprise scale. Job Skills

An illustrative list of specific skills supporting the job description above:

  • .NET or Java Web Application development on an enterprise scale
  • Code review practice, functional and quality focus
  • Technical leadership in design, development and/or support
  • Application/product management experience
  • Software testing, QA or security leadership
  • Utilization of APIs such as RESTful Services
  • Scripting ability in Python or similar language
  • Committed interest to AppSec

Related Skills

Additional skills and experiences that can be applied in the role include the following:

  • Vulnerability rating and analysis (CVE, CVSS, CWE ratings) utilization
  • Proficiency with a static analyzer such as Checkmarx, Fortify SCA or Coverity
  • Understanding of application security vulnerabilities and preventions
  • CISSP, GISSP or other relevant secure coding certification(s)
  • iOS or Android Mobile application development for consumer applications
  • Technical specification development, both internally and for vendor software
  • Threat modeling of application architecture
  • Business experience in and/or supporting the financial sector
  • Security vulnerability assessment techniques during design, development and testing
  • Operation of enterprise policy and standards for technologies and development
  • Engagement of key stakeholders, both technical and senior leadership

Preferred Experience Level:

  • 5-10 years of experience with public internet web and/or consumer mobile development
  • 2 years of experience involved in testing, QA or security related activities (can be concurrent)
  • Bachelor’s Degree in Computer Science, Engineering or equivalent experience

We are a team of great application security engineers who work as a team to architect, design, build and deliver secure security solutions at scale. If this sounds like you then please, let’s talk.

Job Band:

H5

Shift: 

1st shift (United States of America)

Hours Per Week:

40

Weekly Schedule:

Referral Bonus Amount:

0 -->

Job Description:

Job Description and Responsibilities

This role is for an individual contributor to backfill an engineering position in the Developer Security Platform team.  The team provides SAST, DAST and IAST solutions to enterprise security control groups and the developer community enterprise wide.

The immediate responsibility of the successful candidate will be to join the team in supporting the enterprise SAST solution - Checkmarx CxSAST.  Participation in other projects underway or planned could include the bank’s enterprise security pipeline, implementation of a new software composition analysis (SCA) product; implementing automated IAST capability in QA; re-designing self-service DAST offerings.  Future proof of concept evaluation on new products which could become projects, in partnership with R&D, should also be expected.

Team members manage the deployed products from a traditional application support standpoint, through established processes for performance monitoring, capacity utilization, exception analysis and similar tasks.  Operation of the tools is performed by separate teams.  Live support is provided to operations teams using the products to assess applications and also enterprise developers seeking to automate and integrate the products into their SDLC.

Job Preparation

There are two demonstrated success paths to this role:

Application Developer

This person is a top performer in an enterprise application development role.  They have some professional exposure to application security and/or have taken demonstrable steps to move into an application security role.  Exposure can be in the form of exercising application security products or remediating results from a central security group’s assessment of their application.  Candidates will have current practitioner level skills in enterprise level SDLC tools and processes.

Application Security Engineer

This person has dedicated security experience, either imbedded in an application development organization or central security group.  They have been directly responsible for working with developers to remediate code vulnerabilities from SAST, DAST and/or IAST results. Candidates will have team experience in selecting, implementing and managing application security tools on an enterprise scale. Job Skills

An illustrative list of specific skills supporting the job description above:

  • .NET or Java Web Application development on an enterprise scale
  • Code review practice, functional and quality focus
  • Technical leadership in design, development and/or support
  • Application/product management experience
  • Software testing, QA or security leadership
  • Utilization of APIs such as RESTful Services
  • Scripting ability in Python or similar language
  • Committed interest to AppSec

Related Skills

Additional skills and experiences that can be applied in the role include the following:

  • Vulnerability rating and analysis (CVE, CVSS, CWE ratings) utilization
  • Proficiency with a static analyzer such as Checkmarx, Fortify SCA or Coverity
  • Understanding of application security vulnerabilities and preventions
  • CISSP, GISSP or other relevant secure coding certification(s)
  • iOS or Android Mobile application development for consumer applications
  • Technical specification development, both internally and for vendor software
  • Threat modeling of application architecture
  • Business experience in and/or supporting the financial sector
  • Security vulnerability assessment techniques during design, development and testing
  • Operation of enterprise policy and standards for technologies and development
  • Engagement of key stakeholders, both technical and senior leadership

Preferred Experience Level:

  • 5-10 years of experience with public internet web and/or consumer mobile development
  • 2 years of experience involved in testing, QA or security related activities (can be concurrent)
  • Bachelor’s Degree in Computer Science, Engineering or equivalent experience

We are a team of great application security engineers who work as a team to architect, design, build and deliver secure security solutions at scale. If this sounds like you then please, let’s talk.

Job Band:

H5

Shift: 

1st shift (United States of America)

Hours Per Week:

40

Weekly Schedule:

Referral Bonus Amount:

0

Job Description: Job Description and Responsibilities

This role is for an individual contributor to backfill an engineering position in the Developer Security Platform team.  The team provides SAST, DAST and IAST solutions to enterprise security control groups and the developer community enterprise wide.

The immediate responsibility of the successful candidate will be to join the team in supporting the enterprise SAST solution - Checkmarx CxSAST.  Participation in other projects underway or planned could include the bank’s enterprise security pipeline, implementation of a new software composition analysis (SCA) product; implementing automated IAST capability in QA; re-designing self-service DAST offerings.  Future proof of concept evaluation on new products which could become projects, in partnership with R&D, should also be expected.

Team members manage the deployed products from a traditional application support standpoint, through established processes for performance monitoring, capacity utilization, exception analysis and similar tasks.  Operation of the tools is performed by separate teams.  Live support is provided to operations teams using the products to assess applications and also enterprise developers seeking to automate and integrate the products into their SDLC.

Job Preparation

There are two demonstrated success paths to this role:

Application Developer

This person is a top performer in an enterprise application development role.  They have some professional exposure to application security and/or have taken demonstrable steps to move into an application security role.  Exposure can be in the form of exercising application security products or remediating results from a central security group’s assessment of their application.  Candidates will have current practitioner level skills in enterprise level SDLC tools and processes.

Application Security Engineer

This person has dedicated security experience, either imbedded in an application development organization or central security group.  They have been directly responsible for working with developers to remediate code vulnerabilities from SAST, DAST and/or IAST results. Candidates will have team experience in selecting, implementing and managing application security tools on an enterprise scale. Job Skills

An illustrative list of specific skills supporting the job description above:

  • .NET or Java Web Application development on an enterprise scale
  • Code review practice, functional and quality focus
  • Technical leadership in design, development and/or support
  • Application/product management experience
  • Software testing, QA or security leadership
  • Utilization of APIs such as RESTful Services
  • Scripting ability in Python or similar language
  • Committed interest to AppSec

Related Skills

Additional skills and experiences that can be applied in the role include the following:

  • Vulnerability rating and analysis (CVE, CVSS, CWE ratings) utilization
  • Proficiency with a static analyzer such as Checkmarx, Fortify SCA or Coverity
  • Understanding of application security vulnerabilities and preventions
  • CISSP, GISSP or other relevant secure coding certification(s)
  • iOS or Android Mobile application development for consumer applications
  • Technical specification development, both internally and for vendor software
  • Threat modeling of application architecture
  • Business experience in and/or supporting the financial sector
  • Security vulnerability assessment techniques during design, development and testing
  • Operation of enterprise policy and standards for technologies and development
  • Engagement of key stakeholders, both technical and senior leadership

Preferred Experience Level:

  • 5-10 years of experience with public internet web and/or consumer mobile development
  • 2 years of experience involved in testing, QA or security related activities (can be concurrent)
  • Bachelor’s Degree in Computer Science, Engineering or equivalent experience

We are a team of great application security engineers who work as a team to architect, design, build and deliver secure security solutions at scale. If this sounds like you then please, let’s talk. Shift:

1st shift (United States of America)

Hours Per Week: 

40
 

Recommended Skills

  • Application Development
  • Vulnerability
  • Application Security
  • Mobile Application Development
  • Vulnerability Assessment
  • Applications Architecture
Apply to this job.
Think you're the perfect candidate?

Help us improve CareerBuilder by providing feedback about this job:

Job ID: 21036042

CareerBuilder TIP

For your privacy and protection, when applying to a job online, never give your social security number to a prospective employer, provide credit card or bank account information, or perform any sort of monetary transaction. Learn more.

By applying to a job using CareerBuilder you are agreeing to comply with and be subject to the CareerBuilder Terms and Conditions for use of our website. To use our website, you must agree with the Terms and Conditions and both meet and comply with their provisions.