Job Description
TIAA has an opportunity for a Lead Application Security Engineer. This role will be responsible for the management of application security tools and the delivery of related services. The role will analyze software designs and implementations from a security perspective. This role supports application security tools, including those for static application security testing (SAST), dynamic application security testing (DAST), interactive application security testing (IAST), software composition analysis (SCA), and API security testing. This role will collaborate with developers to ensure these tools are integrated successfully into their DevOps pipelines and practices, and support developers in the identification and resolution of security issues that these tools identify.
Key Responsibilities and Duties
- Conduct application security reviews and threat modeling.
- Deploy and maintain application security testing infrastructure, including SAST, DAST, SCA, IAST, and API security testing.
- Ensure these tools deliver maximum value for both security and developer stakeholders.
- Support integration and automation efforts to ensure that security testing is an integral and painless part of code development.
- Partner with and train developers in how to deliver secure code.
- Track, prioritize and drive remediation of code vulnerabilities.
- Develop and foster effective working relationships within both Security and IT teams to ensure that projects are delivered securely and on-time.
Educational Requirements
- University (Degree) Preferred
Work Experience
- 5+ Years Required; 7+ Years Preferred
Physical Requirements
- Physical Requirements: Sedentary Work
Career Level
8IC
Qualifications:
Required:
- Minimum of 5 years of IT experience
- At least 2+ years of specialization in application security and/or DevOps.
- At least 2+ years of using application security testing methodologies such as SAST, DAST, SCA, IAST and API Security
- At least 2+ years of application development experience with backend development
- At least 1+ years of experience utilizing major cloud technologies.
Preferred:
- Understanding of programming languages such as Java, JavaScript, Python and Angular
- Possess technical certifications relevant to application security, such as GWAPT, GWEB, GPEN, OSCP, CSSLP, or CASE
- Strong knowledge of relevant Security Standards (OWASP, etc.) and how to apply them to the software development lifecycle in a large agile environment.
- Experience performing security analysis on web applications, APIs and/or mobile (Apple and Android) applications.
- Experience applying application security in cloud environments, including AWS and Azure.
- Candidate must be collaborative, highly organized, creative, and able to communicate effectively.
- Experience with project management software development utilizing Agile or Kanban
Related Skills
Accountability, Adaptability, Business Continuity Planning, Cloud Computing Security, Collaboration, Communication, Compliance, Consultative Communication, Cybersecurity, Detail Oriented, General Risk Management, Network Security, Prioritizes Effectively
Base Pay Range: $113,000/yr. - $188,300/yr.
Actual base salary may vary based upon, but not limited to, relevant experience, time in role, base salary of internal peers, prior performance, business sector, and geographic location. In addition to base salary, the competitive compensation package may include, depending on the role, participation in an incentive program linked to performance (for example, annual discretionary incentive programs, non-annual sales incentive plans, or other non-annual incentive plans).
Company Overview
TIAA is the leading provider of financial services in the academic, research, medical, cultural and government fields. We offer a wide range of financial solutions, including investing, banking, advice and education, and retirement services.
Benefits and Total Rewards
The organization is committed to making financial well-being possible for its clients, and is equally committed to the well-being of our associates. That's why we offer a comprehensive Total Rewards package designed to make a positive difference in the lives of our associates and their loved ones. Our benefits include a superior retirement program and highly competitive health, wellness and work life offerings that can help you achieve and maintain your best possible physical, emotional and financial well-being. To learn more about your benefits, please review our Benefits Summary.
Equal Opportunity
We are an Equal Opportunity/Affirmative Action Employer. We consider all qualified applicants for employment regardless of age, race, color, national origin, sex, religion, veteran status, disability, sexual orientation, gender identity, or any other protected status.
Accessibility Support
TIAA offers support for those who need assistance with our online application process to provide an equal employment opportunity to all job seekers, including individuals with disabilities.
If you are a U.S. applicant and desire a reasonable accommodation to complete a job application please use one of the below options to contact our accessibility support team:
Phone: (800) 842-2755
Email: [email protected]
Date Posted
09/12/2023