ProSight Financial Association is looking for an Application Security Engineer to champion a secure-by-design culture. You will partner with software engineers to establish and enforce secure coding practices, define security best practices, and ensure security is a core tenet from design through deployment, empowering leaders to strengthen the financial services industry.
What You'll Do
- Collaborate with developers and operations teams to anticipate security vulnerabilities, assess risks, develop mitigation strategies, and integrate security measures throughout the entire application development process.
- Lead application security reviews and threat modeling efforts, including code reviews, dynamic testing, penetration testing, hacker simulations, and reviewing applications against the OWASP Top 10.
- Integrate security tools and processes into the DevOps pipeline to automate security checks and scans, identifying and fixing vulnerabilities early.
- Establish and maintain secure coding standards and best practices and provide guidance and training to development teams.
- Partner with development, DevOps, and IT teams to ensure security measures are implemented effectively in production environments.
- Help manage security incident response and recovery processes, including impact assessment, remediation, root cause analysis, and preventative measures.
- Define, develop, and present key application security metrics, identify critical issues proactively, and communicate them effectively to stakeholders.
- Ensure compliance with relevant security regulations and standards, especially those pertinent to banking and finance.
- Stay current with the latest security threats, trends, and countermeasures to keep the organization's applications protected.
What We're Looking For
- Bachelor’s degree in computer science or a related field.
- 5+ years of experience executing application security testing methodologies (e.g., SAST, SCA, DAST).
- Strong understanding of OWASP Top 10, NIST guidelines, common security vulnerabilities, and best practices.
- Experience with intrusion detection systems and vulnerability scanners.
- Experience integrating security tools and processes into the DevOps pipeline.
- Experience developing software using .NET, C#, T-SQL, stored procedures, React, etc.
- Experience with Azure, including Entra External ID, cloud-native microservices, Kubernetes, and Docker.
- Experience with HTML, JavaScript, and CSS.
- Ability to communicate effectively with both technical and non-technical stakeholders.
- Ability to work in the Chicago office periodically is required.
Nice to Have
- Experience with DevOps practices and networking.
- Relevant certifications such as CISSP, CSSLP, OSCP, CEH, or Azure Security Engineer Associate.
- Experience using AI tools to accelerate or improve software development processes and an understanding of the risks of using generative AI or machine learning.
- Experience with agile software development methodologies.
- Experience with e-learning/online learning, policy management, and/or governance risk and compliance.
- Familiarity with the financial services/banking industry.
Technical Stack
- Backend: .NET, C#, T-SQL, Stored Procedures
- Frontend: React, HTML, JavaScript, CSS
- Cloud & Infrastructure: Azure, Entra External ID, Kubernetes, Docker
Team & Environment
You will report directly to the Director of Product Development & Operations.
Benefits & Compensation
- Compensation: $110,000 - $140,000
- Comprehensive insurance coverage
- 401(k) plan with company match
- Flexible paid time off
- Hybrid and remote working models
- Tuition assistance
- Collaborative, team-oriented environment
Work Mode
This is a hybrid position located in Chicago, IL, requiring periodic work in the office.
ProSight Financial Association is an equal opportunity employer.





