Lead Cybersecurity Engineer
Job Description
At Discover, be part of a culture where diversity, teamwork and collaboration reign. Join a company that is just as employee-focused as it is on its customers, and which is consistently awarded for both. We’re all about people and our employees are why Discover is a great place to work. Be the reason we help millions of consumers build a brighter financial future and achieve yours along the way with a rewarding career.
The ideal candidate will have business acumen, a sound understanding of the Cybersecurity with the ability to think, operate and balance priorities in extreme dimensions strategic and tactical, long-term and near-term. The Engineer will provide technical leadership for Application Security Product domain and must be able to solve complex security problems. This individual will be expected to work closely with Cybersecurity and Enterprise Architects to build strategy and champion Application Security products and services. This is an excellent opportunity for someone who is a self-starter, team player, loves to solve problems and enable secure business practices.
Responsibilities
The candidate will help the team build tools and products to help developers succeed with security, some of which include:
- Enhance and maintain CI/CD integration with IAST solution.
- Review, assess and maintain secure coding training program through custom web forms, API integrations.
- Build and maintain system to measure and report on KPIs of edge protection products (WAF, DDoS protection, et al).
- Support and maintain high availability of integrations and systems.
- Manages relationships with security partners and vendors.
- Ensures compliance to audit, regulatory, and legal requirements.
- Analyzes, designs, and develops security solutions with Cybersecurity architects to ensure it is consistent with corporate technology goals and risk tolerance levels.
- Provides direction to infrastructure, operations, data, and application developments groups throughout the transitioning phase, implementation in production, and beyond.
- Validates current- and future-state architectural models to assess impact across assigned Cybersecurity technology systems.
- Serves as the subject matter expert for supported security technologies, and act as subject matter expert during escalations.
- Oversees security requirements and technical specifications to guide project implementation toward successful solution delivery.
- Maintains knowledge of engineering next-gen designs, security trends, threats, and attack techniques.
- Builds and maintains effective relationships with management, peers, project managers, and internal customers.
- Designs and engineers solutions to align with the Cybersecurity Strategy.
Minimum Qualifications
At a minimum, here’s what we need from you:
- H.S. Diploma or GED
- 6+ years of experience in Information Security, Security Engineering, or related field
Preferred Qualifications
If we had our say, we’d also look for:
- Bachelor’s Degree in Information Security, IT, Computer Science, or related field
- 5+ years work experience programming in Java and Python, including building integration with APIs, using Linux sh, and explaining how to use, share and maintain these products through effective documentation.
- 2+ years in application security, experience working output from SAST, DAST, and IAST solutions, including in-depth experience exploiting, mitigating and explaining OWASP Top 10 vulnerabilities.
- Experience building CI/CD pipelines and building plugins, including experience with Java, Groovy and Python.
- Experience supporting and maintaining high availability systems using a DevOps mentality (“you build it, you support it”).
- Experience with security technologies such as Web Application Firewalls, Code Analysis Tools, Bot Mitigation, etc.
- Experience deploying apps on application platform such as PCF or Kubernetes.
- Strong problem solving and analytical skills; able to quickly digest any issue/problem encountered and recommend an appropriate solution.
The same way we treat our employees is how we treat all applicants – with respect. Discover Financial Services is an equal opportunity employer (EEO is the law). We thrive on diversity & inclusion. You will be treated fairly throughout our recruiting process and without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status in consideration for a career at Discover.