ProSight Financial Association
Application Security Engineer
ProSight Financial Association, Chicago, Illinois, United States, 60290
Overview
We are seeking an Application Security Engineer who will collaborate with software engineers to establish and enforce secure coding practices, contribute to defining security best practices, and foster a culture that promotes security as a core tenet, from initial design through production deployment.
What You’ll Do
Collaborate with developers and operations teams to anticipate security vulnerabilities, proactively assess and identify potential risks, develop mitigation strategies, and ensure that security measures are incorporated throughout the entire application development process
Lead application security reviews and threat modeling efforts, including code reviews, dynamic testing, penetration testing, hacker simulations, and reviewing applications against OWASP Top 10
Integrate security tools and processes into the DevOps pipeline to automate security checks and scans to identify and fix vulnerabilities early in the development process
Establish and maintain secure coding standards and best practices and provide guidance and training to development teams
Collaborate with development, DevOps, and IT teams to ensure that security measures are implemented in production environments
Help manage security incident response and recovery processes, including impact assessment, remediation, root cause analysis, and preventative measures
Define, develop, and present key application security metrics, identify critical issues proactively, and communicate them effectively to stakeholders
Ensure compliance with relevant security regulations and standards, especially those relevant to banking and finance
Stay current with the latest security threats, trends, and countermeasures to ensure that the organization's applications are always protected
What We’re Looking For
Bachelor’s degree in computer science or a related field
5+ years of experience executing application security testing methodologies (e.g., SAST, SCA, DAST)
Strong understanding of OWASP Top 10, NIST guidelines, common security vulnerabilities, and best practices
Experience with intrusion detection systems and vulnerability scanners
Experience integrating security tools and processes into the DevOps pipeline
Experience developing software using .NET, C#, T-SQL, stored procedures, React, etc.
Experience with Azure, including Entra External ID, cloud-native microservices, Kubernetes, and Docker
Experience with HTML, JavaScript and CSS
Experience with DevOps practices and networking a plus
Relevant certifications such as CISSP, CSSLP, OSCP, CEH, or Azure Security Engineer Associate a plus
Experience using AI tools to accelerate or improve software development processes, and awareness of the risks of using generative AI or machine learning, a plus
Ability to communicate effectively with both technical and non-technical stakeholders
Experience with agile software development methodologies a plus
Experience with e-learning/online learning, policy management, and/or governance risk and compliance a plus
Familiarity with financial services/banking industry a plus
Ability to work in the Chicago office periodically is required
Compensation & Benefits
The salary range for this position is $110,000 - $140,000. Compensation offered will be determined by factors such as skills, experience, education, job-related knowledge and market considerations. ProSight offers an outstanding benefits package with comprehensive insurance coverage, a 401(k) plan with company match, flexible paid time off, hybrid and remote working models, tuition assistance and the ability to work in a collaborative, team-oriented environment.
Company & Resources
To learn more about our company please visit www.prosightfa.org, www.bai.org, and www.rmahq.org.
Location: Chicago, IL