Application Security Programmer-Engineer - Vice President

The State Street Cyber Security Architecture & Engineering team is seeking an accomplished professional with proven expertise in Application Security (AppSec) and DevSecOps. The ideal candidate will have hands-on experience in application security, build, and release management, secure software development lifecycle (SSDLC), and the automation of security processes within CI/CD pipelines. Familiarity with general automation practices is essential. The ideal candidate will show eagerness to learn and grow in all aspects of technical solutioning and will design, implement, and support agile solutions and processes leveraged by a large number of applications hosted in our environment.

What you will be responsible for:

• Help build our DevSecOps & AppSec Strategy to integrate cybersecurity into the organizational adoption and improvement of agile practices.
• Partner with Engineering teams to implement and operationalize DevSecOps, and AppSec principles and processes.
• Assist application teams with onboarding to the adopted security tools/technologies; working with vendors to troubleshoot the platform and issues related to such integrations.
• Assist development community to triage Static Application Security Testing (SAST) vulnerabilities, and partner to remediate the application security vulnerabilities.
• Deliver and communicate reporting via dashboard, and metrics.
• Develop and maintain application security and DevSecOps documentation.
• Assist in the audit processes and provide relevant documentation to close Audit findings.
• Work with teams to continuously improve DevSecOps, & Application Security processes and tools.
• Deliver tasks based on project objectives; technically support projects through to completion.

What we value:

• Experience developing software in technologies such as Java, .Net, Python, and Node.js etc.
• Experience in cloud technologies such as Azure and AWS.
• Extensive experience in application security space including SAST, DAST, SCA and Container security scanning.
• Current information security certification, including Certified Information Systems Security Professional (CISSP).
• Experience with automation and orchestration tools, such as Ansible, Terraform, or Kubernetes, is valuable.
• Knowledge of Infrastructure as Code (IaC) principles and experience in automating deployment and management tasks in a hybrid cloud environment is beneficial.
• Proven technical solutioning experience with current and emerging technologies including, but not limited to: Agile Development, DevOps, Cloud Engineering, System Hardening, DevSecOps, Cybersecurity, Cloud Security.
• Excellent verbal and written communication skills across internal and external organizations.
• Ability to prioritize and manage several projects or priorities simultaneously.

Education & Preferred Qualifications:

• Bachelor's degree in information technology (IT), computer science, or related field with 6 years of relevant experience.
• Experience in software development and software development lifecycle (SDLC).
• Experience with application security tooling and its operations with modern CI/CD, and DevSecOps best practices.
• Experience partnering with Dev community to influence without authority to adopt application security best practices, and tooling.
• Security+ or other cybersecurity security certification.
• Experience with Agile and scrum practices.

Across the globe, institutional investors rely on us to help them manage risk, respond to challenges, and drive performance and profitability. We keep our clients at the heart of everything we do, and smart, engaged employees are essential to our continued success. We are committed to fostering an environment where every employee feels valued and empowered to reach their full potential. As an essential partner in our shared success, you'll benefit from inclusive development opportunities, flexible work-life support, paid volunteer days, and vibrant employee networks that keep you connected to what matters most. Join us in shaping the future.

As an Equal Opportunity Employer, we consider all qualified applicants for all positions without regard to race, creed, color, religion, national origin, ancestry, ethnicity, age, disability, genetic information, sex, sexual orientation, gender identity or expression, citizenship, marital status, domestic partnership or civil union status, familial status, military and veteran status, and other characteristics protected by applicable law.