Current jobs related to Sr. Information Security Engineer - Charlotte, NC - First Horizon Bank

  • Sr. Information System Security Officer

    2 weeks ago

    Charlotte, NC, United States Oasys International Full time

    Who We Are: Oasys International, LLC (Oasys) is a rapidly expanding firm that has been recognized on Inc. 5000 magazine's list of the fastest-growing companies for five consecutive years. We are a dynamic organization dedicated to providing world-class technology consulting services through our team of expert technologists, consultants, engineers, and...

  • Sr. Information System Security Officer

    1 week ago

    Charlotte, NC, United States Oasys International Full time

    Who We Are: Oasys International, LLC (Oasys) is a rapidly expanding firm that has been recognized on Inc. 5000 magazine's list of the fastest-growing companies for five consecutive years. We are a dynamic organization dedicated to providing world-class technology consulting services through our team of expert technologists, consultants, engineers, and...

  • Sr. Information System Security Officer

    1 week ago

    Charlotte, NC, United States Oasys International Full time

    Who We Are: Oasys International, LLC (Oasys) is a rapidly expanding firm that has been recognized on Inc. 5000 magazine's list of the fastest-growing companies for five consecutive years. We are a dynamic organization dedicated to providing world-class technology consulting services through our team of expert technologists, consultants, engineers, and...

  • Information Security

    1 week ago

    Charlotte, NC, United States Artech Full time

    Introduction In this contingent resource assignment, you may consult on or participate in moderately complex initiatives and deliverables within Information Security Engineering. You will contribute to large-scale planning related to Information Security Engineering deliverables. Your role involves reviewing and analyzing moderately complex Information...

  • Information Security

    16 hours ago

    Charlotte, NC, United States Artech Full time

    Introduction In this contingent resource assignment, you may consult on or participate in moderately complex initiatives and deliverables within Information Security Engineering. You will contribute to large-scale planning related to Information Security Engineering deliverables. Your role involves reviewing and analyzing moderately complex Information...

  • Information Security Engineer 3

    1 week ago

    Charlotte, NC, United States Mindlance Full time

    Job Description: In this contingent resource assignment, you may: Consult on or participate in moderately complex initiatives and deliverables within Information Security Engineering and contribute to large-scale planning related to Information Security Engineering deliverables. Review and analyze moderately complex Information Security Engineering...

  • Information Security Engineer 3

    5 days ago

    Charlotte, NC, United States Mindlance Full time

    Job Description: In this contingent resource assignment, you may: Consult on or participate in moderately complex initiatives and deliverables within Information Security Engineering and contribute to large-scale planning related to Information Security Engineering deliverables. Review and analyze moderately complex Information Security Engineering...

  • Sr. Business Information Security Officer

    2 weeks ago

    Charlotte, NC, United States Bank of America Full time

    Sr. Business Information Security Officer Chicago, Illinois;Washington, District of Columbia; Charlotte, North Carolina; Denver, Colorado To proceed with your application, you must be at least 18 years of age. Acknowledge Refer a friend To proceed with your application, you must be at least 18 years of age. Acknowledge

  • Sr. Business Information Security Officer

    7 days ago

    Charlotte, NC, United States Bank of America Full time

    Sr. Business Information Security Officer Chicago, Illinois;Washington, District of Columbia; Charlotte, North Carolina; Denver, Colorado To proceed with your application, you must be at least 18 years of age. Acknowledge Refer a friend To proceed with your application, you must be at least 18 years of age. Acknowledge

  • Sr. Business Information Security Officer

    1 week ago

    Charlotte, NC, United States Bank of America Full time

    Sr. Business Information Security Officer Chicago, Illinois;Washington, District of Columbia; Charlotte, North Carolina; Denver, Colorado To proceed with your application, you must be at least 18 years of age. Acknowledge Refer a friend To proceed with your application, you must be at least 18 years of age. Acknowledge

Sr. Information Security Engineer

2 weeks ago

Charlotte, NC, United States First Horizon Bank Full time

Description

Position not eligible for sponsorship.

Locations: Onsite in Memphis, TN; Maryville, TN; Birmingham, AL; Lafayette, LA; New Orleans, LA; Charlotte, NC; Raleigh, NC; or Dallas, TX.

Summary

This role focuses on comprehensive application security testing and vulnerability management across the software development lifecycle. It involves conducting automated and manual scans using tools like Invicti, Veracode, and Burp Suite to identify and remediate security flaws in application code and open-source components. The position requires strong collaboration with development and DevOps teams, secure coding expertise in languages such as Java and Python, and adherence to compliance frameworks including NIST, PCI-DSS, and SOX. The ideal candidate brings over five years of hands-on experience in application security, secure development practices, and automation within CI/CD environments.

To leverage deep expertise in application security testing, secure coding, and vulnerability management to enhance the security posture of enterprise applications. The goal is to proactively identify and remediate security risks, integrate security into DevOps workflows, and ensure compliance with industry standards, while fostering a collaborative environment that empowers development teams to build secure software from the ground up.

Major Responsibilities:

Application Security Testing & Analysis:

  • Conduct SAST scans using Veracode to identify vulnerabilities in source code.

  • Conduct SCA scans using Veracode to identify vulnerabilities in open-source components.

  • Analyze scan results, identify root causes, and collaborate with developers to implement effective remediations.

  • Work with CI/CD pipelines to integrate security testing into DevOps workflows.

  • As-needed, conduct manual verification and secondary authenticated scans using Burp Suite to reduce false negatives.

Software Development & Secure Coding Knowledge:

  • Understand and evaluate vulnerabilities in Java, .NET, Python, and other application codebases.

  • Work with development teams to remediate security flaws in source code and follow secure coding practices.

  • Provide guidance on OWASP Top 10 and SANS 25 vulnerabilities, including how they arise, how to exploit them, and how to prevent them.

  • Able to perform scripting and coding in Java and Python as-needed for security engineering

Vulnerability Management & Compliance:

  • Ensure required DAST, SAST, and SCA release and periodic scanning is occurring and that scans and findings are addressed within SLA.

  • Review and approve false positives and mitigated-by-design requests for DAST, SAST, and SCA

  • Review and approve SDLC tasks (MME and SbD MUFG processes) for DAST, SAST, and SCA

  • Maintain compliance with NIST, PCI-DSS, FFIEC, SOX, CIS security frameworks.

  • Store and organize security artifacts in archives, following standardized documentation practices.

Services to be Performed

  • Security Collaboration & Process Improvement:

  • Work closely with developers, DevOps teams, and application owners to secure software at all stages of SDLC.

  • Work with Security teams to deploy security tools as IAC

  • Stay updated on the latest exploitation techniques, security research, and industry best practices.

  • Knowlegeable around securing cloud workloads and cloud instances within AWS, Google, and Azure.

  • Support the Cyber Incident Response Team (CIRT) in the effective detection, analysis, and containment of attacks

  • Design, test and develop specific content and alerting to identify threats against their critical assets

Qualifications:

  • Bachelor's degree in Computer Science, Cybersecurity, or related field (or equivalent experience).

  • Relevant security certifications (e.g., OSCP, OSWE, GWAPT, CEH) are highly desirable.

  • 5+ years of experience in Application Security, Secure Development, DAST, and SAST.

  • Hands-on experience with DAST tools such as Veracode (Netsparker), AppScan, Burp Suite, Acunetix.

  • Experience with SAST tools like Veracode and Fortify.

  • Experience with Burp Suite performing manual testing

  • Strong knowledge of web security vulnerabilities (OWASP Top 10, SANS 25, MITRE ATT&CK).

  • Software development experience in Java, .NET, Python, or similar languages. Ability to perform scripting for security engineering.

  • Familiarity with secure software development life cycle (SSDLC) and CI/CD pipelines.

  • Experience with cloud security (AWS, Azure, Oracle Cloud) is a plus.

  • Scripting skills (Python, Bash, PowerShell) to automate security tasks.

  • Familiar with compliance regulations such as SOX, PCI-DSS, GLBA, and Federal Banking regulations

  • Produce weekly and monthly operational metrics

  • Work with vendors and internal customers to respond to escalations

  • Familiar with threat modeling and/or risk-based security testing techniques

Soft Skills:

  • Strong ability to collaborate with developers and provide security guidance in a constructive manner.

  • Excellent communication skills, including technical reporting and vulnerability documentation.

  • Analytical mindset with a passion for improving software security and reducing risk exposure.

Bonus Skills:

  • Experience with EnCase

  • Experience with reverse engineering malware

About Us

First Horizon Corporation is a leading regional financial services company, dedicated to helping our clients, communities and associates unlock their full potential with capital and counsel. Headquartered in Memphis, TN, the banking subsidiary First Horizon Bank operates in 12 states across the southern U.S. The Company and its subsidiaries offer commercial, private banking, consumer, small business, wealth and trust management, retail brokerage, capital markets, fixed income, and mortgage banking services. First Horizon has been recognized as one of the nation's best employers by Fortune and Forbes magazines and a Top 10 Most Reputable U.S. Bank. More information is available at www.FirstHorizon.com (https://urldefense.com/v3/__https:/www.firsthorizon.com/__;Cz2fjcuEhpq9hPnrucZCPIAVPojVESItIq-FPzhurNdCrQ3JE8Rkx3gMd70nIk6_kmPxl66_oJCEsXs0gNunPowMAMHCmBYPOtUxUGI$) .

Benefit Highlights

• Medical with wellness incentives, dental, and vision

• HSA with company match

• Maternity and parental leave

• Tuition reimbursement

• Mentor program

• 401(k) with 6% match

• More -- FirstHorizon.com/First-Horizon-National-Corporation/Careers/Our-Benefits

Follow Us

Facebook (https://www.facebook.com/FirstHorizonBank)

X formerly Twitter

LinkedIn (http://www.linkedin.com/company/first-horizon-bank)

Instagram

YouTube (https://www.youtube.com/channel/UCEVs5OMj-b0H9Dr5Q209_-Q)

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

This employer is required to notify all applicants of their rights pursuant to federal employment laws.

For further information, please review the Know Your Rights (https://www.eeoc.gov/poster) notice from the Department of Labor.