Senior Security Platform Engineer

Company: EDWARD JONES
Location: Duke
Posted on: June 26, 2022

Job Description:

At Edward Jones, we help clients achieve their serious, long-term financial goals by understanding their needs and implementing tailored solutions. To ensure a personal client experience, we have located our 15,000+ branch offices where our more than 7 million clients live and work. In a typical branch office, a financial advisor meets with clients and receives branch office support, so they can focus on building deep relationships with clients. Headquarters associates in St. Louis, Tempe and Mississauga provide support and expertise to help U.S. and Canada branch teams deliver an ideal client experience. We continue to grow to meet the needs of long-term individual investors.
The Software Security team is responsible for ensuring the delivery of secure software to our Financial Advisors and Home office associates. Our key systems include static application security testing, software composition analysis, container security, web access management, etc. We are responsible for supporting and enhancing our existing systems and developing technology solutions that support and elevate the technology division in alignment with firm's vision.
The application security platform engineer is responsible for validating that application services are designed and implemented with high security standards. The role analyzes the security of applications in tandem with their underlying services, including connected dependencies such as middle-tier systems and databases. Additionally, the application security platform engineer addresses legacy and emerging security issues and implements repeatable secure development practices to reduce the introduction of program design flaws that may lead to exploitation. As issues are uncovered, the application security platform engineer communicates with the appropriate technical and leadership teams to ensure a focus on risk mitigation - allowing for business continuity, but without negligent risk. Application security platform engineers are constantly assessing applications for weaknesses and finding resolutions before they can be abused. Responsibility Summary: Perform and analyze vulnerability testing. Document security findings and directly assist developers with reasonable methods to secure.
Work in tandem with developers to provide repetitive validation testing prior to production while allowing for a continuous cycle of development followed by application security assessments.
Directly assist developers hands-on with code details and assist with mitigation routes.
Regularly monitor the security community for public-facing security issues, as well as to learn new tactics that can be used in testing.
Attend and participate in application projects and change management committees. This includes interacting with business units and technical teams to understand what is coming and how their projects can be more secure from the beginning.
Fully define and follow a security review process to ensure an automated and repeatable process is managed. Use security standards and implementation configurations, as well as common security frameworks. Prepare for and manage bug bounty programs. Document delivery and implementation advances that meet defined service-level agreements (SLAs) and business metrics.
Align with architects and development teams for a mission of secure design.
Train developers and junior application security engineers on weaknesses to avoid.
Actively participate and lead security team meetings that facilitate secure design.
Focus on application security that observes compliance -Sarbanes-Oxley Act (SOX), etc. - and other privacy laws.
Respond to and handle service and escalation tickets within SLA expectations.
Drive security efficiencies, enabling security team members to work on more advanced tasks.
Excellent interpersonal and communication (written and verbal) skills. Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively. At least 5+ years' experience in cybersecurity, including compliance and risk management security engineering background.
Highly technical and analytical experience, with a proven deep background (preferred 5+ years' in addition to cybersecurity) in application programming. Experience in threat modeling applications.
Vulnerability and penetration-testing skills.
Excellence in communicating business risk from cybersecurity issues.
Proficiency in software development (emphasis on Java).
Solid understanding of network and web protocols.
Experience with security of intra-company and third-party APIs.
Experience with dynamic and static scanning tools. 2021 FORTUNE 100 Best Companies to Work For By Great Place to Work and FORTUNE Magazine - Edward Jones was named No. 20 on the list. From FORTUNE 2021 FORTUNE Media IP Limited. All rights reserved. Used under license. FORTUNE and FORTUNE 100 Best Companies to Work For are registered trademarks of Fortune Media IP Limited and are used under license. FORTUNE and Fortune Media IP Limited are not affiliated with, and do not endorse products or services of, Edward Jones Investments. 2021 Corporate Equality Index - Edward Jones joins the ranks of 767 major U.S. businesses that received top marks in the Foundation's 19th annual scorecard on LGBTQ workplace equality.From The Human Rights Campaign. All Rights Reserved 2021 Training Top 100 list - Edward Jones ranked No. 19, up six spots from last year in its 21st consecutive year on this prestigious list.
J.D. Power, 2021 - Edward Jones has ranked "highest in Employee Advisor Satisfaction among Financial Investment Firms" in the J.D. Power 2021 U.S. Financial Advisor Satisfaction Study. Edward Jones received the highest score among employee advisors in the J.D. Power 2007,2008, 2010, 2012-2015, 2017-2021 Financial Advisor Satisfaction Studies of employee advisors' satisfaction among those who are employed by an investment services firm. Visit jdpower.com/awards for more information. Edward Jones does not discriminate on the basis of race, color, gender, religion, national origin, age, disability, sexual orientation, pregnancy, veteran status, genetic information or any other basis prohibited by applicable law.
At Edward Jones, we value and respect our associates and their contributions, and we recognize individual efforts through a rewards program that promotes a long-term career, financial security and well-being. Visit our career site to learn more about our total compensation approach, which in addition to base salary, typically includes benefits, bonuses and profit sharing. The salary range for this role is based on national data and actual pay is based on skills, experience, education, and other relevant factors for a potential new associate: Salary: $106916 - $182047
Category: Headquarters

Keywords: EDWARD JONES, Springfield , Senior Security Platform Engineer, Engineering , Duke, Missouri