Application Security Engineer II
3 days ago
“I can succeed as an Application Security Engineer at CG”
As the Application Security (“AppSec”) Engineer you are an individual contributor in the Capital Group (CG) AppSec team. The CG AppSec team is part of Information Security in CG’s Information Technology Group. In the role you will be reviewing the architectures and performing threat models, code reviews, validating cloud configurations, and validating the DAST, SAST, and SCA findings for web applications. You will be doing code reviews (Java, TypeScript/JavaScript, Python, Terraform) and creating POCs for DAST tooling where required or collaborating with the penetration testers, as appropriate. The team members are geographically dispersed with varying experience levels. You will help the teams understand how to fix issues and provide best practices or appropriate compensating controls. In this role, you will be using threat modeling tools, static analysis tools, cloud configuration tools. If you are good at software security, this role is for you. This role is hybrid (in-office 3 days/week) and can be in Los Angeles CA, Irvine CA, San Antonio TX, or New York NY depending on candidate current location and/or preference.
A typical day in the life of the AppSec engineer may look like the following:
- You will be performing AppSec reviews including threat modeling, and code reviews
- You will be meeting with the software development teams to understand a new application they are building and providing them with feedback on their architecture
- You leverage SAST, DAST, SCA tools to create findings and translating them to severity of risks to perform this in Capital Group’s technology environment
- You will write clear, succinct and effective technical documentation summarizing your findings, risks, and recommendations.
- You will write automated proof-of-concepts, and automated security tests by authoring security testing tools where needed
- You will collaborate with technology stakeholders and advise on risks for technology solutions such as SaaS services and how they integrate with CG’s environment
- You will communicate effectively and have an empathetic outlook towards development teams by authoring clear, actionable guidance on writing secure code.
- You will effectively present to development teams educating them on secure development.
“I am the person Capital Group is looking for.”
- You have a bachelor's degree in computer science, a related field, or equivalent experience and 2 years of experience or more
- You understand threat modeling, code reviews, network security, TCP/IP, DNS, TLS, HTTP, etc.
- You have experience with technologies such as Threat modeler/Threat Dragon, Scoutsuite, Veracode, Checkmarx, Netsparker, DAST scanners like Burpsuite
- You have the ability to automate tasks in Python, bash, Java, C/C#/C++, Rust, etc.
- You have a strong understanding of attacks in AWS, Azure, OAuth.
- You have excellent communication skills (written, oral), with the ability to simplify and document complex technical details to both technical and non-technical audiences.
- You can learn quickly and have a track record of developing a deep understanding of systems and risks to the business.
- You can work independently and take the initiative to drive security initiatives forward.
- You can juggle multiple tasks and coordinate/delegate to achieve speedy resolutions to application security-related security incidents working with Security operations.
Southern California Base Salary Range: $103,977-$166,363
San Antonio Base Salary Range: $85,477-$136,763
New York Base Salary Range: $110,221-$176,354
In addition to a highly competitive base salary, per plan guidelines, restrictions and vesting requirements, you also will be eligible for an individual annual performance bonus, plus Capital’s annual profitability bonus plus a retirement plan where Capital contributes 15% of your eligible earnings.
You can learn more about our compensation and benefits here.
- Temporary positions in Canada and the United States are excluded from the above mentioned compensation and benefit plans.
We are an equal opportunity employer, which means we comply with all federal, state and local laws that prohibit discrimination when making all decisions about employment. As equal opportunity employers, our policies prohibit unlawful discrimination on the basis of race, religion, color, national origin, ancestry, sex (including gender and gender identity), pregnancy, childbirth and related medical conditions, age, physical or mental disability, medical condition, genetic information, marital status, sexual orientation, citizenship status, AIDS/HIV status, political activities or affiliations, military or veteran status, status as a victim of domestic violence, assault or stalking or any other characteristic protected by federal, state or local law.
-
Software Engineer II
4 weeks ago
New York, United States Abnormal Security Full timeJob DescriptionJob DescriptionAbout the RoleAbnormal Security is hiring a Software Engineer to join the Threat Response Engine team, an essential part of our mission to protect global enterprises from diverse and evolving email threats. At Abnormal, we've taken a novel approach to email security, utilizing behavioral AI to identify and counter complex...
-
Application Security Engineer
2 weeks ago
New York, United States Alloy Full timeAlloy is where you belong! Alloy solves the identity risk problem for companies that offer financial products by enabling them to outpace fraud and confidently serve more people around the world. Banks and Fintechs turn to Alloy to take control of fraud, credit, and compliance risk, and grow with the clearest picture of their customers. Through our values:...
-
Security Engineer II
2 weeks ago
New Baden, United States Paragon Technology Full timeJob DescriptionJob DescriptionThe Security Engineer II provides technical support in the areas of vulnerability assessment, risk assessment, network security, product evaluation, and security implementation. Responsible for designing and implementing solutions for protecting the confidentiality, integrity and availability of sensitive information. Provides...
-
Application Security Engineer
4 months ago
New York, United States Sirius XM Radio Inc Full timeWho We Are: SiriusXM and its brands (Pandora, SiriusXM Media, AdsWizz, Simplecast, and SiriusXM Connect) are leading a new era of audio entertainment and services by delivering the most compelling subscription and ad-supported audio entertainment experience for listeners -- in the car, at home, and anywhere on the go with connected devices. Our vision is to...
-
Senior Application Security Engineer
2 months ago
New York, United States Emergent365 Full timeSenior Application Security Engineer*This position is highly technical. As a Senior Application Security Engineer, your role involves close collaboration with software development teams to ensure the safety of our customers during the development of innovative services. On any given day, your tasks may include code inspections to identify security issues,...
-
Application Security Engineer
4 days ago
New York, United States InterSources Full timeJob Title: Senior Application Security Engineer Work Location: New York, NY Duration: 12 months contractPosition Summary: Hours: THIS POSITION WILL ALLOW 35.00 - HOURS PER WEEKMANDATORY SKILLS/EXPERIENCE 12 years of experience in application security, with a proven track record of conducting vulnerability assessments, penetration testing, and secure code...
-
Senior Application Security Engineer
6 hours ago
New York, United States Disability Solutions Full timeABOUT THE ROLEThe Senior Application Security Engineer is instrumental in ensuring Peloton's applications, services and systems are implemented and secured with industry standard processes. The candidate will help define and mature the application security program, security policy and standards and will coordinate with engineering and platform partners to...
-
Senior Application Security Engineer
2 weeks ago
New York, United States Tbwa ChiatDay Inc Full timeHeadway’s mission is a big one – to build a new mental health care system everyone can access. We’ve built technology that helps people find great therapists with the first software-enabled national network of providers accepting insurance.1 in 4 people in the US have a treatable mental health condition, but the majority of providers don’t accept...
-
Senior Application Security Engineer
1 month ago
new york city, United States Emergent365 Full timeSenior Application Security Engineer*This position is highly technical. As a Senior Application Security Engineer, your role involves close collaboration with software development teams to ensure the safety of our customers during the development of innovative services. On any given day, your tasks may include code inspections to identify security issues,...
-
Senior Application Security Engineer
2 months ago
new york city, United States Emergent365 Full timeSenior Application Security Engineer*This position is highly technical. As a Senior Application Security Engineer, your role involves close collaboration with software development teams to ensure the safety of our customers during the development of innovative services. On any given day, your tasks may include code inspections to identify security issues,...
-
Senior Web Application Engineer
6 days ago
New York, New York, United States Walrus Security, Inc Full timeAbout Walrus Security, Inc.Walrus Security, Inc. is the industry leader in B2B payment verification, working with some of the most prominent names in venture capital and private equity.The B2B payments industry is projected to reach $1T+ in value, with digitization and faster settlement driving growth. However, this expansion also brings increased risk of...
-
Security Engineer, XRM
1 month ago
New York, United States META Full timeSummary: The Meta Security team is responsible for improving the security posture of the software and services used throughout our company. Our work spans Facebook, Instagram, WhatsApp, Oculus, and all of the underlying systems and infrastructure that power these products behind the scenes.We are seeking a passionate and experienced security engineer to...
-
Senior Application Security Engineer New
4 weeks ago
New York, United States Tbwa ChiatDay Inc Full timeHeadway’s mission is a big one – to build a new mental health care system everyone can access. We’ve built technology that helps people find great therapists with the first software-enabled national network of providers accepting insurance.1 in 4 people in the US have a treatable mental health condition, but the majority of providers don’t accept...
-
Cloud Security Engineer with UI Focus
5 days ago
New York, New York, United States Armis Security Full timeSecure the Future of Cyber Exposure ManagementAt Armis Security, we're revolutionizing the way organizations protect their attack surface and manage cyber risk exposure in real-time. As a Senior Full Stack Engineer on our team, you'll have the opportunity to make a significant impact in an important field while maintaining a healthy work-life balance.About...
-
Software Engineer II, Cloud Infrastructure
4 weeks ago
New York, United States Abnormal Security Full timeJob DescriptionJob DescriptionAbout The RoleAbnormal Security is looking for a Software Engineer to join the Cloud Infrastructure team. This team is responsible for Abnormal's presence in the public cloud and ensuring our use of the cloud is secure, reliable, and repeatable while meeting the needs of our engineering team.This role includes responsibility...
-
Software Engineer II, Cloud Infrastructure
4 weeks ago
New York, United States Abnormal Security Full timeJob DescriptionJob DescriptionAbout The RoleAbnormal Security is looking for a Software Engineer to join the Cloud Infrastructure team. This team is responsible for Abnormal's presence in the public cloud and ensuring our use of the cloud is secure, reliable, and repeatable while meeting the needs of our engineering team.This role includes responsibility...
-
Security Engineer, XRM
4 weeks ago
New York, United States META Full timeSummary: The Meta Security team is responsible for improving the security posture of the software and services used throughout our company. Our work spans Facebook, Instagram, WhatsApp, Oculus, and all of the underlying systems and infrastructure that power these products behind the scenes.We are seeking a passionate and experienced security engineer to help...
-
Principal Associate, Application Security Engineer
2 months ago
New York, United States Capital One Full timeCenter 3 (19075), United States of America, McLean, VirginiaPrincipal Associate, Application Security EngineerApplication security is one of our highest priorities at Capital One. As a Capital One customer, you benefit from an environment built to meet the requirements of one of the most security-sensitive organizations in not only the financial industry,...
-
Head of Application Security
2 months ago
New York, United States MarketAxess Full timeAbout Us MarketAxess is on a journey to digitally transform one of the world’s largest financial markets, enabling the shift from analog, phone-based trading to a fully electronic marketplace. Why does this matter? Because our platform makes trading fixed-income more accessible, ultimately improving transparency, efficiency, and competition in the...
-
NEW YORK, United States Capital One Careers Full timeCenter 3 (19075), United States of America, McLean, VirginiaPrincipal Associate, Application Security EngineerApplication security is one of our highest priorities at Capital One. As a Capital One customer, you benefit from an environment built to meet the requirements of one of the most security-sensitive organizations in not only the financial industry,...