Application Security Engineer at DFIN | Chicago
Sorry, this job was removed at 12:03 p.m. (CST) on Saturday, June 13, 2020

Donnelley Financial Solutions (DFIN) is a leader in risk and compliance solutions, providing insightful technology, industry expertise and data insights to clients across the globe. We’re here to help you make smarter decisions with insightful technology, industry expertise and data insights at every stage of your business and investment lifecycles. As markets fluctuate, regulations evolve and technology advances, we’re there. And through it all, we deliver confidence with the right solutions in moments that matter. 

Position Summary

The Application Security Engineer will functionally support product engineering and development teams to secure the company's SaaS product portfolio. The Application Security Engineer will be responsible for assessing and understanding the security posture and attack surface of all DFIN products, and for assisting in the development of the appropriate security controls.

Responsibilities
  • Conduct security assessments, security penetration testing and validation of test results
  • Provide security insights into vulnerability scan/pen test results
  • Work closely with development teams to assess the security posture/risk of the product features being developed
  • Perform architectural risk analysis, threat modeling, secure design and source code review
  • Effectively manage relationships with external application security and penetration testing partners
  • Incorporate security tools/tasks into automated product development and deployment lifecycle (SAST/DAST/IAST integration into CI/CD pipeline)
  • Provide expert knowledge and guidance to the product development teams about security vulnerabilities and applicable remediation paths
  • Serve as a critical resource in ensuring each DFIN product is developed in alignment with industry-leading Secure Product/Software Development standards
  • Participate in development of the DFIN Application Security Standards, best practices and associated metrics

Required Skills
  • Bachelor's degree with 5+ years of relevant work experience OR demonstrated ability to meet the job requirements through a comparable number of years of applicable work experience and education
  • Self-driven, highly motivated with a strong customer focus
  • Strong analytical and problem-solving skills
  • Solid project management skills, especially in a cross-functional environment
  • Familiarity with Agile/Scrum methodologies and associated tools
  • Prior exposure to modern CI/CD pipelines including tools and technologies such as Azure DevOps (formerly VSTS), GitHub, Jenkins and others
  • Must have a "breaker" mentality, but be effective at designing the mitigating controls
  • Ability to develop technical (XSS, etc.) and functional (fraud, etc.) abuse test cases

Required Skills Continued
  • Working knowledge of vulnerability management and penetration testing tools such as NMAP, Core Security, Burp, ZAP, Rapid7 Nexpose, Kali Linux, or Metasploit
  • Working knowledge of NIST framework, Open Web Application Security Project (OWASP) and Open Source Security Testing Methodology Manual (OSSTMM)
  • Solid understanding of OWASP security concepts and common application security risks, such as XSS, CSRF, SQL Injection, Cookie Manipulation, etc.
  • Solid understanding of fundamental application security building blocks such as: authentication, authorization, data validation, encryption, exception handling and logging
  • Solid understanding of leading cloud platforms such as MS Azure and Amazon AWS, their inherent security risks and relevant security controls
  • Solid understanding of microservices, containerization technologies (Docker, Kubernetes) and associated security technologies/controls (Aqua, Twistlock and others)
  • Experience with one of the market leading SAST/DAST/IAST tools such as Checkmarx, Veracode, Rapid7 AppSpider, IBM AppScan or HP/Microfocus Fortify
  • Experience with one of the programming languages and/or programming frameworks such as C#, JavaScript, .NET or others

It is the policy of Donnelley Financial Solutions to select, place and manage all its employees without discrimination based on race, color, national origin, gender, age, religion, actual or perceived disability, veteran's status, actual or perceived sexual orientation, genetic information or any other protected status. 

If you are a qualified individual with a disability or a disabled veteran, you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access jobs.dfinsolutions.com as a result of your disability. You can request a reasonable accommodation by sending an email to [email protected]

#TalentknowsTalent



Technology we use

  • Engineering
    • .NET (Languages)
    • C# (Languages)
    • Python (Languages)
    • R (Languages)
    • SQL (Languages)
    • React (Libraries)
    • AngularJS (Frameworks)
    • ASP.NET (Frameworks)
    • Microsoft SQL Server (Databases)
    • SAP HANA (Databases)
    • Teradata (Databases)

Location

Located in the heart of downtown Chicago’s financial district, we are steps from all Metra stations, good eats and entertainment.

An Insider's view of DFIN

What’s the vibe like in the office?

I am working among an extremely smart group of people, with whom I have created great friendships. During lunch break we play board games and have interesting technical and financial discussions. It’s exciting to wake up and go to work knowing that I’ll be collaborating with some of the best colleagues I’ve had in my career.

Mahsa

Software Engineer

What projects are you most excited about?

In transforming and improving FinTech products, excitement comes from the challenge of knowing that the problems are complex, yet the solutions must be easy to use. When we start a new project, I can't wait to sink my teeth into understanding the problem space, talking to users, designing the solution, and seeing it through to release.

Dan

Principal Product Designer

What makes someone successful on your team?

A successful member of our team at DFIN is comfortable to work with or learn any part of the tech stack. They effectively communicate during meetings to help plan out our next projects as a team, and they ask other members of the team for support if they happen to get stuck while coding.

Christopher

Associate Software Engineer

What are DFIN Perks + Benefits

Culture
  • Partners with Nonprofits
  • Friends outside of work
  • Eat lunch together
  • Intracompany committees
  • Daily stand up
  • Open door policy
  • Team owned deliverables
  • Team based strategic planning
  • Group brainstorming sessions
  • Open office floor plan

Diversity
  • Documented equal pay policy
  • Dedicated Diversity/Inclusion Staff
  • Highly diverse management team
  • Unconscious bias training
  • Diversity manifesto
  • Someone's primary function is managing the company’s diversity and inclusion initiatives

Health Insurance & Wellness Benefits
  • Flexible Spending Account (FSA)
  • Disability Insurance
  • Dental Benefits
  • Vision Benefits
  • Health Insurance Benefits
  • Life Insurance
  • Wellness Programs
  • Onsite Gym

Retirement & Stock Options Benefits
  • 401(K)
  • 401(K) Matching
  • Company Equity
  • Performance Bonus

Child Care & Parental Leave Benefits
  • Generous Parental Leave
    • We provide up to 4 weeks of parental leave for the primary caretaker. Acme Co. also provides 4 weeks of leave for the secondary caretaker.
  • Family Medical Leave

Vacation & Time Off Benefits
  • Generous PTO
  • Paid Holidays
  • Paid Sick Days

Perks & Discounts
  • Casual Dress
  • Commuter Benefits
  • Company Outings
  • Stocked Kitchen
  • Happy Hours
  • Fitness Subsidies

Professional Development Benefits
  • Job Training & Conferences
  • Diversity Program
  • Lunch and learns
  • Cross functional training encouraged
  • Promote from within
  • Online course subscriptions available