Logo
StoneX Group Inc.

Application Security Engineer

StoneX Group Inc., Kansas City, Missouri, United States, 64101

Save Job
Join to apply for the Application Security Engineer role at StoneX Group Inc. 1 day ago Be among the first 25 applicants Overview Connecting clients to markets - and talent to opportunity. With 4,500+ employees and over 300,000 clients, we operate from more than 70 offices worldwide. As a Fortune 100, Nasdaq-listed provider, we focus on innovation, human connection, and delivering top-tier products and services to investors. Responsibilities Position purpose: The Application Security Engineer at StoneX is a hands-on role focused on application security across the SDLC, managing Cloudflare's security features, and working closely with development teams to embed secure coding practices, conduct threat modeling, and support security assessments. Manage application-layer protections in Cloudflare, including WAF, API security, and bot mitigation. Improve Cloudflare configurations to address threats and meet business needs. Collaborate with development teams on security practices, threat modeling, and code reviews. Integrate security tools into CI/CD pipelines for early issue detection. Support manual security assessments, bug bounties, and penetration tests. Develop security policies, coding standards, and best practices. Analyze vulnerabilities, coordinate remediation, and track issues. Enhance the application security program's visibility and developer engagement. Technology Ecosystem Languages: Java, C#, JavaScript, Python Security Testing: SAST, DAST, SCA, manual review, pen testing Edge Security: Cloudflare WAF, Zero Trust, Bot Management Cloud & CI/CD: GitHub Actions, Azure DevOps, AWS Processes: Secure SDLC, threat modeling, vulnerability management Qualifications Required: 5+ years in Application Security Experience with Cloudflare WAF and related products Strong understanding of secure coding, authentication, access control Familiarity with Burp Suite, Veracode, GHAS, Snyk Experience with CI/CD pipelines and security integration Preferred: Development background in Java, C#, Python, JavaScript Knowledge of bug bounty, OWASP Top 10, web security risks Experience with threat modeling and risk triage Cloud knowledge (AWS, Azure) is a plus Education / Certifications: Bachelor's in CS, Cybersecurity, or related Certifications like Security+, CEH, or Cloudflare certs are a plus Salary Range: $90,000 - $120,000 annually, depending on experience and qualifications. Benefits included. Additional Details Seniority: Mid-Senior level Employment type: Full-time Job function: Information Technology #J-18808-Ljbffr