Intercontinental Exchange
Engineer, Application Security
Intercontinental Exchange, Jacksonville, Florida, United States, 32290
Overview
Job Purpose
An ICE IS AppSec Engineer is part of a team responsible for ensuring that ICE produces and maintains secure applications. The team member influences secure design, performs code analysis, identifies vulnerabilities through hands‑on penetration testing, assists developers in remediation efforts, and communicates findings to developers, QA teams and management.
Responsibilities
Application Identification and Review
- Operates the Application Development Security Lifecycle from design review through automated and hands‑on testing.
Standards and Policies
- Maintains and contributes to Application Development Security Policies and standards by keeping up with industry trends and publications from organizations such as NIST, OWASP, and SANS.
Secure Design
- Works with development teams to establish security requirements early in the SDLC and contributes security subject matter expertise during the development of new projects and releases.
Tool Management
- Focuses on automation while implementing, maintaining and integrating cutting‑edge technologies to assess an application's security with static code analyzers (SAST), dynamic testing (DAST) tools, software composition scanners, Web Application Firewall (WAF) and bug bounty programs.
Developer Education
- Keeps software engineers apprised of secure coding practices and builds strong rapport and respect with the ICE application development community via training sessions, one‑on‑one education, Intranet blogs and other opportunities.
Desirable Knowledge and Experience
Software engineering experience in Java, C++, .NET and/or related languages
Expert at deploying, configuring, and using SAST, DAST, and Software Composition in large environments
Experience designing solutions to integrate transparently with the CI/CD pipeline
Familiar with application development in large cloud environments
University degree in Computer Science, Engineering, MIS, CIS, or related discipline
Analyst, Engineer, and Sr. Engineer Distinction Seniority is determined by experience and demonstration of exceptional competencies including:
Documenting and effectively publishing technology guidance and repeatable processes
Mentoring peers in groups and individually
Improving processes and introducing superior technologyTaking initiative to learn business goals, liaise with other departments, and identify ways to increase productivity in other ICE groups and offices
#J-18808-Ljbffr
An ICE IS AppSec Engineer is part of a team responsible for ensuring that ICE produces and maintains secure applications. The team member influences secure design, performs code analysis, identifies vulnerabilities through hands‑on penetration testing, assists developers in remediation efforts, and communicates findings to developers, QA teams and management.
Responsibilities
Application Identification and Review
- Operates the Application Development Security Lifecycle from design review through automated and hands‑on testing.
Standards and Policies
- Maintains and contributes to Application Development Security Policies and standards by keeping up with industry trends and publications from organizations such as NIST, OWASP, and SANS.
Secure Design
- Works with development teams to establish security requirements early in the SDLC and contributes security subject matter expertise during the development of new projects and releases.
Tool Management
- Focuses on automation while implementing, maintaining and integrating cutting‑edge technologies to assess an application's security with static code analyzers (SAST), dynamic testing (DAST) tools, software composition scanners, Web Application Firewall (WAF) and bug bounty programs.
Developer Education
- Keeps software engineers apprised of secure coding practices and builds strong rapport and respect with the ICE application development community via training sessions, one‑on‑one education, Intranet blogs and other opportunities.
Desirable Knowledge and Experience
Software engineering experience in Java, C++, .NET and/or related languages
Expert at deploying, configuring, and using SAST, DAST, and Software Composition in large environments
Experience designing solutions to integrate transparently with the CI/CD pipeline
Familiar with application development in large cloud environments
University degree in Computer Science, Engineering, MIS, CIS, or related discipline
Analyst, Engineer, and Sr. Engineer Distinction Seniority is determined by experience and demonstration of exceptional competencies including:
Documenting and effectively publishing technology guidance and repeatable processes
Mentoring peers in groups and individually
Improving processes and introducing superior technologyTaking initiative to learn business goals, liaise with other departments, and identify ways to increase productivity in other ICE groups and offices
#J-18808-Ljbffr