Senior Application Security Engineer

Summary

The Sr. Application Security Engineer is responsible for the secure design and testing of internally developed software and deeply understands security principles, technologies, and methodologies. The Sr Application Security Engineer works with software development teams from design to code implementation, ensuring security is included in the complete software development life cycle. The ideal candidate is experienced in cybersecurity, software development, and automation tools and is comfortable writing script languages.

Essential Duties & Responsibilities

• Perform application security testing using automated tools such as SAST, SCA, and DAST.
• Evaluate automation testing results for accuracy and assign priority based on risk.
• Communicate the nature and severity of security concerns to development teams.
• Provide technical guidance and direction to remediation security weaknesses.
• Conduct threat modeling exercises to identify threats and create security requirements.
• Deploy and manages security tools to reduce software security risks.
• Identify gaps and propose solutions to increase security efficiency and effectiveness.
• Assist in recommending and scheduling secure code development training courses.
• Assist in documenting secure code guidelines, best practices, and procedures.
• Assist in the development of technical solutions to mitigate security vulnerabilities.
• Assist in the development of processes and solutions to automate repeatable tasks.
• Stays current on cyber security threats and prevention methods.

Qualifications

• Working knowledge of cloud computing and associated security risks.
• Experience with threat modeling and application security risk assessments.
• Strong analytical and problem-solving skills with the ability to identify and mitigate security risks.
• Ability to effectively communicate technical topics to technical and non-technical audiences.
• Understanding of application security principles, methods, and technologies.
• Ability to prioritize workload and consistently meet deadlines.
• Security architecture, threat modeling, secure design.
• Experience conducting security assessments and developing remediation strategies.

Education & Experience

• Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or related field; or a related combination of education and experience.
• 6 years combined information security and software development experience.

Systems & Technology

• Experience with application security testing, such as SAST, DAST, and SCA.
• C#, Angular, and Python programming experience preferred.
• Experience in cloud platforms, AWS or Microsoft Azure preferred.
• Security certification CISSP, CSSLP, GIAC, or similar preferred.

About Stifel

Stifel is a more than 130 years old and still thinking like a start-up.  We are a global wealth management and investment banking firm serious about innovation and fresh ideas.  Built on a simple premise of safeguarding our clients’ money as if it were our own, coined by our namesake, Herman Stifel, our success is intimately tied to our commitment to helping families, companies, and municipalities find their own success.

While our headquarters is in St. Louis, we have offices in New York, San Francisco, Baltimore, London, Frankfurt, Toronto, and more than 400 other locations.  Stifel is home to approximately 9,000 individuals who are currently building their careers as financial advisors, research analysts, project managers, marketing specialists, developers, bankers, operations associates, among hundreds more.  Let’s talk about how you can find your place here at Stifel, where success meets success.

At Stifel we offer an entrepreneurial environment, comprehensive benefits package to include health, dental and vision care, 401k, wellness initiatives, life insurance, and paid time off.

Stifel is an Equal Opportunity Employer.