Title: Security Engineer - Fintech AWS Analytics Firm

Client: The firm owns the world’s biggest financial data store and runs continuous analytics on global stock data movement. Our mission is to ensure investor protection and market integrity. We are constantly working on how to hack market systems with the goal of being ahead of potential bad actors in the market. Offering competitive benefits, great work life balance, forever-remote status-quo work, health insurance, and robust professional development opportunities! Our technical environment is one of the most respected in the industry and serves a real public interest, meaning you can go home happy with the work you do and work on progressive technology.

Location: 3 days onsite in Tysons Corner VA or Rockville MD

Description: Plan, coordinate and implement application security practices in each phase of software development life cycle though testing, remediation support, tool evaluation, etc. This role involves evaluating security vulnerabilities, security tools, implementing security solutions, and leveraging latest solutions to secure code review capabilities. Perform security assessments and manual penetration testing using tools such as Burp Suite and other proxy tools. Triage static (SAST), dynamic (DAST), interactive (IAST) analysis results to identify, prioritize and remediate security vulnerabilities. Integrate security practices into C/CD pipeline to support DevSecOps initiative. Maintain documentation of security findings, remediation plans, and compliance requirements. Develop and interpret security policies and procedures. Participate in security compliance efforts. Develop and deliver training materials and perform general security awareness and specific security technology training. Evaluate and recommend new and emerging security products and technologies. Leverage GenAI technologies to scale application security reviews and automate code analysis. Evaluate various application security tools/capabilities i.e., SAST, DAST, IaC, Secrets detection tools. Stay current with emerging security threats and countermeasures. Ability to train or explain the common security issues to raise the security awareness among developers and assurance engineers. Perform AWS configuration reviews.

Qualifications:
- 5+ years of experience required in Cyber security and application security
- Familiarity with SAST, DAST, IAST tools
- Understanding of AWS is required
- Deep understanding of OWASP top issues and remediation guidelines
- Proficiency in one or more programming languages (Java, Python, JavaScript is preferred)
- Understanding of CI/CD tools such as Jenkins and GITLAB
- Should have experience securing AI/genAI
- Strong experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography, and application security
- Candidates with software development background is a plus
- Consistent implementation of security solutions
- Experience in infrastructure or application-level vulnerability testing and auditing
- Certifications like GWAPT, OSWE, Burp Suite Certified Practitioner are good to have

LI-CGTS # TS-2505