Offer summary

Qualifications:

Bachelor’s Degree in Computer Science or related field preferred., 5+ years of experience in application security, application development, and DevSecOps., Proficient in multiple programming languages and security tools., OSWE, GWAPT or similar certification preferred..

Key responsibilities:

Lead Cybersecurity efforts and apply application security testing expertise.

Design and implement SDLC practices including code reviews and vulnerability assessments.

Conduct code reviews and create secure coding practices guidelines for developers.

Collaborate with development teams to identify and remediate application security risks.

Job description

Join TriumphX!

TriumphX, a member of the Triumph Financial portfolio of brands, provides a concentration of technology and project management resources the members of the Triumph Financial portfolio of brands – TriumphPay, Triumph and TBK Bank – via a shared service model. We’re looking for top tech and project management talent to analyze, recommend and build strategic solutions that support Triumph Financial’s mission to become a world-class, market-leading financial and technology company.

Lead Application Security Engineer

In this role you will lead Cybersecurity and apply technical application security testing expertise to assist in identifying application vulnerabilities. As a Lead Application Security Engineer we hope you possess a solid understanding of application security assessments, code reviews, penetration testing, and vulnerability management. You'll also require for this technical role the responsibility of serving as subject matter expert in product security architecture, security testing, secure design review and security engineering.

A Day in the Life:

Design and implement SDLC practices including code reviews, static/dynamic code analysis and vulnerability assessments.
Familiarity with application architecture design, web application security, mobile application security, API and micro service security, network/infrastructure security, source code scanning.
Understand application's architecture, identifying potential attack vectors, and devising strategies to mitigate these threats.
Conduct code reviews to identify potential security vulnerabilities and advise on remediation strategies.
Create secure coding practices guidelines that developers follow to avoid vulnerabilities and security flaws in their code.
Implement various types of scanning (SAST, DAST, SCA, etc.) into the CI/CD pipelines and ensure results are appropriately surfaced to developers.
Develop security related libraries used in the environment.
Collaborate with developers and conduct regular security assessments.
Develop security integrations to be used in CI/CD pipeline and for development teams.
Work with development teams to ensure that application security risks are identified and remediated in a timely manner while maintaining a balance between security & usability.
Consult and train developers on secure coding practices and ensure development teams are validating for OWASP.
Triage vulnerabilities from dynamic and static scanning tools with development teams
Perform web application penetrating testing.
Implement security strategies to mature the OWASP software assurance maturity model.
Manage and tune web application firewalls.
Design and implement technologies to automate security processes.
Consult on secure architecture, least privileged design, threat mitigations, and security standard methodologies.
Other duties as assigned.

To Succeed in this role you'll need:

Bachelor’s Degree in Computer Science or related field is preferred.
5+ years of experience in application security, application development and DevSecOps.
Proficient in multiple programming languages and understand the intricacies and potential security flaws inherent in different languages.
Proficiency with security tools and technologies include static analysis tools, dynamic analysis tools, and penetration testing tools.
OSWE, GWAPT or similar certification is preferred.
Communicate and present security concepts to technical and non-technical audiences.
Knowledge with SOX and SOC2 compliance is a plus.
Knowledge of AWS and Kubernetes or related cloud / container technologies is preferred.
Experience with identity lifecycle management and federation technologies such as SAML.
Knowledge of Docker, Kubernetes, Jenkins and Github.
Extensive knowledge of the OWASP Top 10.

Certification Preferences:

Preferably, one or more of the following: GWEB, CSSLP, GPEN, or CRISC.

Additional skills you must have:

Ability to function with moderate supervision.
Strong interpersonal skills.
Quality written and oral communication, and presentation skills.
Critical thinking and problem-solving skills.
Attention to detail.
Commitment to operational excellence and continuous process improvement.
Willingness to expand and apply security knowledge, skills, and abilities to department initiatives.
Remote U.S. excluding the following states: AK, DE, ID, ND, RI, VT, WY***

Comp Range: 168,400 - 272,800.00

We offer Medical, Dental, Vision, Paid Time Off, 401k and much more.

Go on. Do it. Apply Today!

Required profile