Senior Security Platform Engineer
Company: EDWARD JONES
Location: Duke
Posted on: June 26, 2022
|
|
Job Description:
At Edward Jones, we help clients achieve their serious,
long-term financial goals by understanding their needs and
implementing tailored solutions. To ensure a personal client
experience, we have located our 15,000+ branch offices where our
more than 7 million clients live and work. In a typical branch
office, a financial advisor meets with clients and receives branch
office support, so they can focus on building deep relationships
with clients. Headquarters associates in St. Louis, Tempe and
Mississauga provide support and expertise to help U.S. and Canada
branch teams deliver an ideal client experience. We continue to
grow to meet the needs of long-term individual investors.
The Software Security team is responsible for ensuring the delivery
of secure software to our Financial Advisors and Home office
associates. Our key systems include static application security
testing, software composition analysis, container security, web
access management, etc. We are responsible for supporting and
enhancing our existing systems and developing technology solutions
that support and elevate the technology division in alignment with
firm's vision.
The application security platform engineer is responsible for
validating that application services are designed and implemented
with high security standards. The role analyzes the security of
applications in tandem with their underlying services, including
connected dependencies such as middle-tier systems and databases.
Additionally, the application security platform engineer addresses
legacy and emerging security issues and implements repeatable
secure development practices to reduce the introduction of program
design flaws that may lead to exploitation. As issues are
uncovered, the application security platform engineer communicates
with the appropriate technical and leadership teams to ensure a
focus on risk mitigation - allowing for business continuity, but
without negligent risk. Application security platform engineers are
constantly assessing applications for weaknesses and finding
resolutions before they can be abused. Responsibility Summary:
Perform and analyze vulnerability testing. Document security
findings and directly assist developers with reasonable methods to
secure.
Work in tandem with developers to provide repetitive validation
testing prior to production while allowing for a continuous cycle
of development followed by application security assessments.
Directly assist developers hands-on with code details and assist
with mitigation routes.
Regularly monitor the security community for public-facing security
issues, as well as to learn new tactics that can be used in
testing.
Attend and participate in application projects and change
management committees. This includes interacting with business
units and technical teams to understand what is coming and how
their projects can be more secure from the beginning.
Fully define and follow a security review process to ensure an
automated and repeatable process is managed. Use security standards
and implementation configurations, as well as common security
frameworks. Prepare for and manage bug bounty programs. Document
delivery and implementation advances that meet defined
service-level agreements (SLAs) and business metrics.
Align with architects and development teams for a mission of secure
design.
Train developers and junior application security engineers on
weaknesses to avoid.
Actively participate and lead security team meetings that
facilitate secure design.
Focus on application security that observes compliance
-Sarbanes-Oxley Act (SOX), etc. - and other privacy laws.
Respond to and handle service and escalation tickets within SLA
expectations.
Drive security efficiencies, enabling security team members to work
on more advanced tasks.
Excellent interpersonal and communication (written and verbal)
skills. Track record of acting with integrity, taking pride in
work, seeking to excel, being curious and adaptable, and
communicating effectively. At least 5+ years' experience in
cybersecurity, including compliance and risk management security
engineering background.
Highly technical and analytical experience, with a proven deep
background (preferred 5+ years' in addition to cybersecurity) in
application programming. Experience in threat modeling
applications.
Vulnerability and penetration-testing skills.
Excellence in communicating business risk from cybersecurity
issues.
Proficiency in software development (emphasis on Java).
Solid understanding of network and web protocols.
Experience with security of intra-company and third-party APIs.
Experience with dynamic and static scanning tools. 2021 FORTUNE 100
Best Companies to Work For By Great Place to Work and FORTUNE
Magazine - Edward Jones was named No. 20 on the list. From FORTUNE
2021 FORTUNE Media IP Limited. All rights reserved. Used under
license. FORTUNE and FORTUNE 100 Best Companies to Work For are
registered trademarks of Fortune Media IP Limited and are used
under license. FORTUNE and Fortune Media IP Limited are not
affiliated with, and do not endorse products or services of, Edward
Jones Investments. 2021 Corporate Equality Index - Edward Jones
joins the ranks of 767 major U.S. businesses that received top
marks in the Foundation's 19th annual scorecard on LGBTQ workplace
equality.From The Human Rights Campaign. All Rights Reserved 2021
Training Top 100 list - Edward Jones ranked No. 19, up six spots
from last year in its 21st consecutive year on this prestigious
list.
J.D. Power, 2021 - Edward Jones has ranked "highest in Employee
Advisor Satisfaction among Financial Investment Firms" in the J.D.
Power 2021 U.S. Financial Advisor Satisfaction Study. Edward Jones
received the highest score among employee advisors in the J.D.
Power 2007,2008, 2010, 2012-2015, 2017-2021 Financial Advisor
Satisfaction Studies of employee advisors' satisfaction among those
who are employed by an investment services firm. Visit
jdpower.com/awards for more information. Edward Jones does not
discriminate on the basis of race, color, gender, religion,
national origin, age, disability, sexual orientation, pregnancy,
veteran status, genetic information or any other basis prohibited
by applicable law.
At Edward Jones, we value and respect our associates and their
contributions, and we recognize individual efforts through a
rewards program that promotes a long-term career, financial
security and well-being. Visit our career site to learn more about
our total compensation approach, which in addition to base salary,
typically includes benefits, bonuses and profit sharing. The salary
range for this role is based on national data and actual pay is
based on skills, experience, education, and other relevant factors
for a potential new associate: Salary: $106916 - $182047
Category: Headquarters
Keywords: EDWARD JONES, Springfield , Senior Security Platform Engineer, Engineering , Duke, Missouri
Click
here to apply!
|