Application Security Engineer

Who We’re Looking For:The State Street Cyber Security Architecture & Engineering team is seeking an accomplished professional with proven expertise in Application Security (AppSec) and DevSecOps. The ideal candidate will have hands-on experience in application security, build, and release management, secure software development lifecycle (SSDLC), and the automation of security processes within CI/CD pipelines. Familiarity with general automation practices is essential. The ideal candidate will show eagerness to learn and grow in all aspects of technical solutioning and will design, implement, and support agile solutions and processes leveraged by a large number of applications hosted in our environment.What you will be responsible forHelp build our DevSecOps & AppSec Strategy to integrate cybersecurity into the organizational adoption and improvement of agile practices.Partner with Engineering teams to implement and operationalize DevSecOps, and AppSec principles and processes.Assist application teams with onboarding to the adopted security tools/technologies; working with vendors to troubleshoot the platform and issues related to such integrations.Assist development community to triage Static Application Security Testing (SAST) vulnerabilities, and partner to remediate the application security vulnerabilities.Deliver and communicate reporting via dashboard, and metrics.Develop and maintain application security and DevSecOps documentation.Assist in the audit processes and provide relevant documentation to close Audit findings.Work with teams to continuously improve DevSecOps, & Application Security processes and tools.Deliver tasks based on project objectives; technically support projects through to completion.What we valueThese skills will help you succeed in this role:Experience developing software in technologies such as Java, .Net, Python, and Node.js etc.Experience in cloud technologies such as Azure and AWS.Extensive experience in application security space including SAST, DAST, SCA and Container security scanning.Current information security certification, including Certified Information Systems Security Professional (CISSP).Experience with automation and orchestration tools, such as Ansible, Terraform, or Kubernetes, is valuable. Knowledge of Infrastructure as Code (IaC) principles and experience in automating deployment and management tasks in a hybrid cloud environment is beneficial.Proven technical solutioning experience with current and emerging technologies including, but not limited to: Agile Development, DevOps, Cloud Engineering, System Hardening, DevSecOps, Cybersecurity, Cloud Security.Excellent verbal and written communication skills across internal and external organizations.Ability to prioritize and manage several projects or priorities simultaneously.Education & Preferred QualificationsBachelor’s degree in information technology (IT), computer science, or related field with 6 years of relevant experience.Experience in software development and software development lifecycle (SDLC).Experience with application security tooling and its operations with modern CI/CD, and DevSecOps best practices.Experience partnering with Dev community to influence without authority to adopt application security best practices, and tooling.Security+ or other cybersecurity security certification.Experience with Agile and scrum practices.Salary Range: $120,000 - $202,500 AnnualThe range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.Employees are eligible to participate in State Street’s comprehensive benefits program, which includes: our retirement savings plan (401K) with company match; insurance coverage including basic life, medical, dental, vision, long-term disability, and other optional additional coverages; paid-time off including vacation, sick leave, short term disability, and family care responsibilities; access to our Employee Assistance Program; incentive compensation including eligibility for annual performance-based awards (excluding certain sales roles subject to sales incentive plans); and, eligibility for certain tax advantaged savings plans.For a full overview, visit .About State StreetAcross the globe, institutional investors rely on us to help them manage risk, respond to challenges, and drive performance and profitability. We keep our clients at the heart of everything we do, and smart, engaged employees are essential to our continued success.We are committed to fostering an environment where every employee feels valued and empowered to reach their full potential. As an essential partner in our shared success, you’ll benefit from inclusive development opportunities, flexible work-life support, paid volunteer days, and vibrant employee networks that keep you connected to what matters most. Join us in shaping the future.As an Equal Opportunity Employer, we consider all qualified applicants for all positions without regard to race, creed, color, religion, national origin, ancestry, ethnicity, age, disability, genetic information, sex, sexual orientation, gender identity or expression, citizenship, marital status, domestic partnership or civil union status, familial status, military and veteran status, and other characteristics protected by applicable law.Discover more information on jobs at StateStreet.com/careersRead our CEO StatementJob Application Disclosure: It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.