Title:  Application Security Engineer

Job ID:  1935
Location: Dallas, TX, US

Category:  Information Technology
Description: 

Donnelley Financial Solutions (DFIN) is a leader in risk and compliance solutions, providing insightful technology, industry expertise and data insights to clients across the globe. We’re here to help you make smarter decisions with insightful technology, industry expertise and data insights at every stage of your business and investment lifecycles. As markets fluctuate, regulations evolve and technology advances, we’re there. And through it all, we deliver confidence with the right solutions in moments that matter. 

Location

We are accepting non-local / remote candidates for this role.

Position Summary

The Application Security Engineer will functionally support product engineering and development teams to secure the company's SaaS product portfolio. The Application Security Engineer will be responsible for assessing and understanding the security posture and attack surface of all DFIN products, and for assisting in the development of the appropriate security controls.

Responsibilities

Work is typically conducted unsupervised with only direction given in terms of desired outcomes. Able to understand the business strategy and goals to execute key duties and responsibilities to meet goals and objectives. Must be able to re-define processes if needed and provide subject matter expertise when working on assignments that typically are enterprise reaching or have high visibility for the organization.

• Develop and maintain security process documentation and all Information Security Policies. Keep policies up to date with changing technology and to address new security vulnerabilities.
• Manage RFP responses for Information Security audits from customers and initiate Information Security audits and protocols with vendors.
• Performs monitoring, periodic reports and reviews, and follow-up activities to ensure that the security systems are operational, effective and in compliance with all policies and standards.
• Apply internal control concepts in a wide variety of information technology processes and appropriately assess the exposures resulting from ineffective or missing control practices.
• Serves as an internal information security consultant to Donnelley Financial Solutions, advising internal business units with current information about information security technologies, new security threats and security related regulatory issues.
• Oversees and/or audits the security of databases and data transferred both internally and externally.
• Within the area of assigned responsibilities, provides direct training to all employees, contractors, alliances, or other third parties, ensuring proper information access in accordance with established organizational information security policies and procedures.
• Performs other related duties and participates in special projects as assigned.

Required Skills

  • Bachelor's degree with 5+ years of relevant work experience OR demonstrated ability to meet the job requirements through a comparable number of years of applicable work experience and education
  • Self-driven, highly motivated with a strong customer focus
  • Strong analytical and problem-solving skills
  • Solid project management skills, especially in a cross-functional environment
  • Familiarity with Agile/Scrum methodologies and associated tools
  • Prior exposure to modern CI/CD pipelines including tools and technologies such as Azure DevOps (formerly VSTS), GitHub, Jenkins and others
  • Must have a “breaker” mentality, but be effective at designing the mitigating controls
  • Ability to develop technical (XSS, etc.) and functional (fraud, etc.) abuse test cases
  • Working knowledge of vulnerability management and penetration testing tools such as NMAP, Core Security, Burp, ZAP, Rapid7 Nexpose, Kali Linux, or Metasploit
  • Working knowledge of NIST framework, Open Web Application Security Project (OWASP) and Open Source Security Testing Methodology Manual (OSSTMM)

Required Skills (Cont.)

  • Solid understanding of OWASP security concepts and common application security risks, such as XSS, CSRF, SQL Injection, Cookie Manipulation, etc.
  • Solid understanding of fundamental application security building blocks such as: authentication, authorization, data validation, encryption, exception handling and logging
  • Solid understanding of leading cloud platforms such as MS Azure and Amazon AWS, their inherent security risks and relevant security controls
  • Solid understanding of microservices, containerization technologies (Docker, Kubernetes) and associated security technologies/controls (Aqua, Twistlock and others)
  • Experience with one of the market leading SAST/DAST/IAST tools such as Checkmarx, Veracode, Rapid7 AppSpider, IBM AppScan or HP/Microfocus Fortify
  • Experience with one of the programming languages and/or programming frameworks such as C#, JavaScript, .Net or others

It is the policy of Donnelley Financial Solutions to select, place and manage all its employees without discrimination based on race, color, national origin, gender, age, religion, actual or perceived disability, veteran's status, actual or perceived sexual orientation, genetic information or any other protected status. 

If you are a qualified individual with a disability or a disabled veteran, you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access jobs.dfinsolutions.com as a result of your disability. You can request a reasonable accommodation by sending an email to AccommodationRequest@dfinsolutions.com.

#TalentknowsTalent

 

