Confidential

Vice President of CI/CD Security Engineering

Confidential, Jersey City, New Jersey, United States, 07390

About the Company

Join an internationally recognized banking group that excels in the Financial Services industry.

Industry: Financial Services
Type: Subsidiary of a Public Company
Founded: 1996
Employees: 10,001+
Categories: Financial Services; Consulting & Professional Services; Banking & Mortgages; Banking; Finance
Specialties: Advisory; Capital markets & investment banking; Corporate & institutional client banking; Derivatives; Equity research; Sales & trading; FX / treasury services; Global trade finance; Lease finance; Leveraged finance; Mergers & acquisitions; Project finance; Real estate finance
Business Classifications: B2B; B2C; Enterprise

About the Role

We are looking for an experienced Vice President of CI/CD Security Engineering to lead our application security efforts. In this pivotal role, you will manage the operation and maintenance of our vendor SAST and SCA tool, ensuring it effectively scans our proprietary software for security vulnerabilities.

To thrive in this position, you must possess a deep understanding of application security processes, CI/CD tools, and methodologies, along with SAST, SCA, and SBOM. You will serve as a subject matter expert, resolving complex issues and collaborating with multiple teams on application security challenges. Responsibilities will include overseeing tool license utilization, liaising with vendor representatives, and demonstrating flexibility in working hours as needed to accommodate project demands.

To qualify, you should have a minimum of 7 years' experience as an application security analyst or a penetration testing analyst, with proficiency in programming languages such as C#, C++, Java, Python, and .Net. Your expertise in developing and optimizing CI/CD pipelines for code quality and vulnerability detection, paired with a solid grasp of the Secure Software Development Lifecycle, is essential. Your background should include familiarity with SAST or DAST, container security issues, and an in-depth understanding of the OWASP Top 10 or CWE. The ability to analyze code deficiencies and experience with collaboration tools like Jira and Confluence are vital. Additional experience with bug bounties and penetration testing is a plus. We seek a detail-oriented individual skilled in creating and maintaining thorough process documentation.

Hiring Manager Title: SMBC AD Head of Application Security
Travel Percent: Less than 10%
Functions: Engineering; Information Technology