Systems Engineer - Application Security

Wintrust is a financial holding company with approximately $50 billion assets under management and traded on the NASDAQ:WTFC. Built on the "HAVE IT ALL" model, Wintrust offers sophisticated technology and resources of a large bank while focusing on providing service-based community banking to each and every customer. Wintrust operates fifteen community bank subsidiaries with over 170 banking locations in the greater Chicago and southern Wisconsin market areas. Additionally, Wintrust operates various non-bank business units including commercial and life insurance premium financing, short-term accounts receivable financing, out-sourced administrative services, mortgage origination and purchase, wealth management services and qualified intermediary services for tax-deferred exchanges.
Why join us?

• An award-winning culture! We are rated a Top Workplace by the Chicago Tribune (past 8 years) and Employee Recommended award by the Globe & Mail (past 6 years)
• Competitive pay and discretionary or incentive bonus eligible
• Comprehensive benefit package including medical, dental, vision, life, a 401k plan with a generous company match and tuition reimbursement to name a few
• Promote from within culture

Why join this team?

• We are a dynamic and growing team that plays a critical role in Information Security at Wintrust. We are relied upon to accomplish significant projects.
• Our team prides itself on valuing solutions over work for work's sake. Being able to think outside the box is key, and our philosophy is reflected in exercising critical thinking with integrity and creativity. We trust your skill.

Position Summary
This position will join our growing Application Development team with a focus on ensuring that every step of the software development lifecycle (SDLC) follows security best practices. The Application Security Engineer will functionally support product engineering/software development and Infrastructure engineering/operations teams in securing the company's products portfolio. To be successful in this role, candidates should have experience in complex, fast-paced, technical environments with a passion for technology and process-driven, collaborative problem solving.
Responsibilities

• Participate in and support application security reviews and threat modeling, including code review and dynamic testing.
• Provide expert knowledge and guidance to the application development teams about security vulnerabilities and applicable remediation paths.
• Facilitate and support the preparation of security releases.
• Support and consult with development teams in the area of application security.
• Deliver on the AppSec risk management strategy through proving program effectiveness and risk reporting
• Assist in development of automated security testing to validate that secure coding best practices are being used.

Qualifications

• 3 years total in application security and/or security engineering
• At least 1 year in software engineering preferred
• AppSec vulnerability management and reporting
• Defining and implementing AppSec policies, guidelines and standards
• Delivering AppSec services such as threat modeling, secure code reviews, and AppSec consulting
• Knowledge of Application Security foundations including Cryptography, TLS, Threat Models, Secure coding principles etc
• Knowledge of programming languages such as Java, .NET, Javascript, Python, etc preferred
• Experience with OWASP top 10, SANS top 25 , CVE, CVSS, CWE etc
• Integrating Application Security tooling into the SDLC. This includes tools such as SAST, SCA, IaC scanning, DAST, iAST, WAF etc.
• Demonstrated application of various frameworks and models such as NIST SCF, BSIMM, OpenSAMM etc
• Ability to manage key customer relationships, including with peer senior managers and Directors
• Ability to influence cross functional teams to accomplish Security goals
• Excellent analytical skills and ability to learn quickly

From our first day in business, Wintrust has been proud to serve a variety of unique communities and people from all walks of life. To be Chicago's Bank® and Wisconsin's Bank®, we need to reflect that diversity both in all the communities we serve, the people we employ, the organizations we work with, and our banking and lending practices. Wintrust Financial Corporation, including community banking and financial services subsidiaries, is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, sex, sexual orientation, gender identity and expressions, genetic information, marital status, age, disability, or status as a covered veteran or any other characteristic protected by law.