Under general direction from Cyber and Information Security (CIS) Leadership, the Director of Application Security Engineering oversees the Secure Software Development Lifecycle (SSDLC), including all relevant tooling, processes, training and guidance to educate the organization's development community and help drastically minimize the security risks to its applications, data and hosting environment. The Director defines or reviews relevant information security strategies, policies, and standards - most specifically focused on Web Application Firewall (WAF).
At FINRA, we infuse innovation into how we work. We use cutting-edge technologies like AI, machine learning, cloud computing, and big data analytics to protect investors and ensure market integrity. As a result of our pioneering work, Computerworld ranked us #2 globally as a Best Place to work in IT among mid-sized companies in 2024. Join our forward-thinking culture and elevate your career.
Essential Job Functions:
- Manage a team focused on delivering high quality security testing, or secure development and operations, results within the Application Security Program. This includes assignment coordination and training of subordinate staff, and backup coverage for next level management.
- Define, review or promote relevant security strategy, policies, standards, guidelines and procedures.
- Perform project management and status reporting to leadership on all major initiatives within the purview of the respective team.
- Create the team roadmap in alignment with organizational needs, any relevant business cases for new capabilities or staff to support the program, and oversee relevant budget planning and maintenance.
- Oversee the establishment and maintenance of processes and techniques used to identify, validate, and prioritize security risks on FINRA’s in-house and proprietary software applications, including both on-premises and AWS cloud-based hosting.
- Oversee secure software development or security testing for full SDLC from initiation to release for relevant technologies such as Java/J2EE, .NET or Python.
- Develop and implement strategies to promote consistent use of security controls across the enterprise.
- Oversee the execution of manual and automated secure software development activities by deploying, configuring, monitoring, or testing security controls, utilizing cyber security tools, to perform service security assessments, integrations, or operations.
- Identify, evaluate, and recommend new security technologies, techniques, and tools; prepare and deliver professional communications, including security assessment reports, status reports or dashboards and/or training briefings.
Other Responsibilities:
- Ensure all work product meets/exceeds FINRA standards.
- Other duties as assigned.
Education/Experience Requirements:
- Bachelor’s degree in computer science, engineering, or related technical discipline.
- ISC2 Certified Information System Security Professional (CISSP) certification highly desired.
- Additional certifications related to AWS, secure design/architecture, networking, security testing or similar are desired.
- 9 years technology experience, of which includes 3+ years of cyber and information security experience.
- 2+ years of supervisory/management experience.
- Expertise in Application Security domain vulnerabilities and associated tooling such as open source and enterprise SAST, DAST, IAST, WAF and/or HTTP proxy solutions.
- Financial services industry experience is a plus.
- Knowledge and general understanding of government and industry security standards and frameworks commonly used.
- Advanced knowledge of cyber and information security standards, frameworks, technologies, control strategies, and compliance practices.
To be considered for this position, please submit an application. Applications are accepted on an ongoing basis.
The information provided above has been designed to indicate the general nature and level of work of the position. It is not a comprehensive inventory of all duties, responsibilities and qualifications required.
#J-18808-Ljbffr