Application Security Engineer (Donnelley Financial LLC; Chicago, IL): Functionally support product engineering and development teams to secure the company’s SaaS product portfolio. Assess and understand the security posture and attack surface of all DFIN products, and assist in the development of the appropriate security controls. Conduct security assessments and security penetration testing, and validate test results. Provide security insights on vulnerability scan/pen test results. Work closely with development teams to assess the security posture/risk of the product features being developed. Perform architectural risk analysis, threat modeling, secure design and source code review. Effectively manage relationships with external application security and penetration testing partners. Incorporate security tools and tasks into the automated product development and deployment lifecycle (SAST/DAST/IAST integration into the CI/CD pipeline). Provide expert knowledge and guidance to the product development teams about security vulnerabilities and applicable remediation paths. Serve as a critical resource in ensuring each DFIN product is developed in alignment with industry-leading Secure Product/Software Development standards. Participate in development of the DFIN Application Security Standards, best practices and associated metrics. 40 hrs/wk, 9:00 am – 5:00 pm.
Master's degree in Computer Science or a related field and 3 years of related work experience.
Must also have at least 2 years of experience in each of the following:
- Developing technical (XSS) and functional (fraud) abuse test cases;
- Using CI/CD pipelines including tools and technologies such as Azure DevOps (formerly VSTS), GitHub, and Jenkins;
- Applying OWASP security concepts to common application security risks including XSS, CSRF, SQL injection, and cookie manipulation;
- Utilizing vulnerability management and penetration testing tools such as Nmap, Core Security, Burp, ZAP, Rapid7 Nexpose, Kali Linux, and Metasploit;
- Demonstrating knowledge of the NIST framework, the Open Web Application Security Project (OWASP) and the Open Source Security Testing Methodology Manual (OSSTMM);
- Deploying fundamental application security building blocks such as: authentication, authorization, data validation, encryption, exception handling and logging; and
- Utilizing SAST/DAST/IAST tools such as Checkmarx, Veracode, Rapid7 AppSpider, IBM AppScan and HP/Micro Focus Fortify.
Must have at least 1 year of experience in the following:
- Analyzing the inherent security risks of cloud platforms such as Microsoft Azure and Amazon AWS and developing relevant security controls.
Up to 10% travel required. 100% telecommuting permitted. Applicant may reside anywhere in the U.S.A.
How to apply:
To apply, please visit https://jobs.dfinsolutions.com/ and search Job ID 2467.
This notice is provided as a result of the filing of an application for permanent alien labor certification for the relevant job opportunity, in compliance with 20 CFR 656.10(d). Any person may provide documentary evidence bearing on the application to the Certifying Officer of the U.S. Department of Labor holding jurisdiction over the location of the proposed employment. Contact information for these offices can be found on the Internet at:
U.S. Department of Labor
Employment and Training Administration
Office of Foreign Labor Certification
200 Constitution Avenue NW, Room N-5311
Washington DC 20210