ProSight Financial Association is looking for an Application Security Engineer to champion a secure-by-design culture. You will partner with software engineers to establish and enforce secure coding practices, define security best practices, and ensure security is a core tenet from design through deployment, empowering leaders to strengthen the financial services industry.
What You'll Do
- Collaborate with developers and operations teams to anticipate security vulnerabilities, assess risks, develop mitigation strategies, and integrate security measures throughout the entire application development process.
- Lead application security reviews and threat modeling efforts, including code reviews, dynamic testing, penetration testing, hacker simulations, and reviewing applications against the OWASP Top 10.
- Integrate security tools and processes into the DevOps pipeline to automate security checks and scans, identifying and fixing vulnerabilities early.
- Establish and maintain secure coding standards and best practices and provide guidance and training to development teams.
- Partner with development, DevOps, and IT teams to ensure security measures are implemented effectively in production environments.
- Help manage security incident response and recovery processes, including impact assessment, remediation, root cause analysis, and preventative measures.
- Define, develop, and present key application security metrics, identify critical issues proactively, and communicate them effectively to stakeholders.
- Ensure compliance with relevant security regulations and standards, especially those pertinent to banking and finance.
- Stay current with the latest security threats, trends, and countermeasures to keep the organization's applications protected.
What We're Looking For
- Bachelor’s degree in computer science or a related field.
- 5+ years of experience executing application security testing methodologies (e.g., SAST, SCA, DAST).
- Strong understanding of OWASP Top 10, NIST guidelines, common security vulnerabilities, and best practices.
- Experience with intrusion detection systems and vulnerability scanners.
- Experience integrating security tools and processes into the DevOps pipeline.
- Experience developing software using .NET, C#, T-SQL, stored procedures, React, etc.
- Experience with Azure, including Entra External ID, cloud-native microservices, Kubernetes, and Docker.
- Experience with HTML, JavaScript and CSS.
- Ability to communicate effectively with both technical and non-technical stakeholders.
- Ability to work in the Chicago office periodically is required.
Nice to Have
- Experience with DevOps practices and networking.
- Relevant certifications such as CISSP, CSSLP, OSCP, CEH, or Azure Security Engineer Associate.
- Experience using AI tools to accelerate or improve software development processes and an understanding of the risks of using generative AI or machine learning.
- Experience with agile software development methodologies.
- Experience with e-learning/online learning, policy management, and/or governance risk and compliance.
- Familiarity with the financial services/banking industry.
Technical Stack
- Backend: .NET, C#, T-SQL, Stored Procedures
- Frontend: React, HTML, JavaScript, CSS
- Cloud & Infrastructure: Azure, Entra External ID, Kubernetes, Docker
Team & Environment
You will report directly to the Director of Product Development & Operations.
Benefits & Compensation
- Compensation: $110,000 - $140,000
- Comprehensive insurance coverage
- 401(k) plan with company match
- Flexible paid time off
- Hybrid and remote working models
- Tuition assistance
- Collaborative, team-oriented environment
Work Mode
This is a hybrid position located in Chicago, IL, requiring periodic work in the office.
ProSight Financial Association is an equal opportunity employer.
