Application Security Engineer

Company: Donnelley Financial Solutions
Location: Downers Grove
Posted on: April 4, 2021

Job Description:

Donnelley Financial Solutions (DFIN) is a leader in risk and compliance solutions, providing insightful technology, industry expertise and data insights to clients across the globe. We're here to help you make smarter decisions with insightful technology, industry expertise and data insights at every stage of your business and investment lifecycles. As markets fluctuate, regulations evolve and technology advances, we're there. And through it all, we deliver confidence with the right solutions in moments that matter.--LocationWe are accepting non-local / remote candidate for this role. Position SummaryApplication Security Engineer will functionally support product engineering and development teams to secure company's SaaS products portfolio. Application Security Engineer will be responsible for assessing and understanding the security posture and attack surface of all DFIN products, and for assistance in the development of the appropriate security controls. ResponsibilitiesConduct security assessments, security penetration testing and validation of test results Provide security insights to vulnerability scan/pen test resultsWorking closely with development teams to assess the security posture/risk of the product features being developedPerform architectural risk analysis, threat modeling, secure design and source code reviewEffectively manage relationship with external application security and penetration testing partnersIncorporate security tools/tasks into automated product development and deployment lifecycle (SAST/DAST/IAST integration into CI/CD pipeline)Provide expert knowledge and guidance to the product development teams about security vulnerabilities and applicable remediation pathsServe as a critical resource to ensuring each DFIN product is developed in alignment with industry-leading Secure Product/Software Development standardsParticipate in development of the DFIN Application Security Standards, best practices and associated metricsRequired SkillsBachelor degree with 5+ years of relevant work experience OR demonstrated ability to meet the job requirements through a comparable number of years of applicable work experience and educationSelf-driven, highly motivated with a strong customer focusStrong analytical and problem-solving skillsSolid project management skills, especially in a cross-functional environmentFamiliarity with Agile/Scrum methodologies and associated toolsPrior exposure to modern CI/CD pipelines including tools and technologies such as Azure DevOps (former VSTS), GitHub, Jenkins and othersMust have a "breaker" mentality, but be effective at designing the mitigating controlsAbility to develop technical (XSS, etc.) and functional (fraud, etc.) abuse test cases Working knowledge of vulnerability management and penetration testing tools such as NMAP, Core Security, Burp, ZAP, Rapid7 Nexpose, Kali Linux, or MetasploitWorking knowledge of NIST framework, Open Web Application Security Project (OWASP) and Open Source Security Testing Methodology Manual (OSSTMM)Required Skills (Cont.)Solid understanding of OWASP security concepts and common application security risks, such as XSS, CSRF, SQL Injection, Cookie Manipulation, etc.Solid understanding of fundamental application security building blocks such as: authentication, authorization, data validation, encryption, exception handling and loggingSolid understanding of leading cloud platforms such as MS Azure and Amazon AWS, their inherent security risks and relevant security controlsSolid understanding of the micro-services, containerization technologies (Docker, Kubernetes) and associated security technologies/controls (Aqua, Twistlock and others)Experience with one of the market leading SAST/DAST/IAST tools such as Checkmarx, Veracode, Rapid7 AppSpider, IBM AppScan or HP/Microfocus FortifyExperience with one of the programming languages and/or programming frameworks such as C#, JavaScript, .Net or othersIt is the policy of Donnelley Financial Solutions to select, place and manage all its employees without discrimination based on race, color, national origin, gender, age, religion, actual or perceived disability, veteran s status, actual or perceived sexual orientation, genetic information or any other protected status.--If you are a qualified individual with a disability or a disabled veteran, you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access jobs.dfinsolutions.com as a result of your disability.-- You can request a reasonable accommodation by sending an email to AccommodationRequest@dfinsolutions.com.--#TalentknowsTalent--

Keywords: Donnelley Financial Solutions, Downers Grove , Application Security Engineer, Engineering , Downers Grove, Illinois