Application Security Engineer, Dynamic Analysis

Who we are:

The Threat Detection Team at BNY Mellon develops and maintains the signals, tools, and infrastructure required to perform deep analysis of threats on our corporate environment. This role will be responsible for identifying and constantly evolving techniques to detect sophisticated attacks. As part of this team, you will be building advanced and novel detection mechanisms for attacker techniques tactics and procedures, developing systems to automate remediation, conducting threat hunting, and performing network and systems forensics, as well as malware and indicator analysis.

The successful candidate will be part of a high-performance Cyber Security Analytics team within the Information Security Division of BNY Mellon. The Cyber Security Analytics team is responsible for providing threat detection, analytics and visualization to the Information Security and other functional groups within BNY Mellon with goal of detecting and preventing adversarial attacks.

What you will be doing:

The Application Security Engineer will support the development teams, including reviewing and explaining application security tools and processes, providing vulnerability explanations and remediation guidance, and performing basic configuration of scans.

• Experience with AppSec tooling to perform Dynamic Analysis (DAST).
• Provide vulnerability remediation and mitigation guidance that maintains a balance between security and business objectives.
• Must have a mindset of continuous improvement of people, processes, and technology.
• Engage with product owners, project managers and developers to conduct security reviews, identify risks and conform to organizational remediation/mitigation timelines.
• Mentor junior team members and act as a subject matter expert for application security issues.
• Experience with AppScan, Burpe Suite and Jira a must.
• Able to work both independently as well with development teams and multi-task effectively.
• Excellent written and oral communication skills, as well as social skills including the ability to articulate to both technical and non-technical audiences.
• Experience with modern programming languages such as Java, JavaScript, C#, Swift, Kotlin, and/or Python.
• Experience with modern programming languages such as Java, JavaScript, C#, Swift, Kotlin, and/or Python.

Qualifications:

• Bachelor's Degree in Software Engineering, Computer Science, Cybersecurity, or related field is preferred.
• 5+ years of relevant experience in Application Security or secure development.
• Relevant professional certifications preferred (e.g., CISSP, CSSLP, Security+, CASE, etc.)