Principal Cybersecurity Application Security Engineer (DevSecOps) at Discover
Discover. A brighter future.
With Discover, you’ll have the chance to make a difference at one of the world’s leading digital banking and payments companies. From Day 1, you’ll do meaningful work you’re passionate about, with the support and resources you need for success. We value what makes each employee unique and provide a collaborative, team-based culture that gives everyone an opportunity to shine. Be the reason millions of people find a brighter financial future, while building the future you want, here at Discover.Job Description
The ideal candidate will have business acumen, a sound understanding of the Cybersecurity with the ability to think, operate and balance priorities in extreme dimensions strategic and tactical, long-term and near-term. The Engineer will provide technical leadership for Application Security Product domain and must be able to solve complex security problems. This individual will be expected to work closely with Cybersecurity and Enterprise Architects to build strategy and champion Application Security products and services.
As a Principal Cybersecurity Engineer you may work on solutions that range from helping developers build secure application to building tools for developers to integrate into their CICD pipelines. You will threat model and drive requirements into reusable enterprise solutions. The Principal Cybersecurity Engineer will proactively keep abreast of evolving technology landscape and business transformational practices as well as analyze threat landscape. This is an excellent opportunity for someone who is a self-starter, assertive, team player, loves to solve problems and enable secure business practices.
- Acts as the principal advisor to upper management in Cybersecurity matters. Ensures security improvement designs are evaluated, validated, and implemented as required. Certifies that protection and detection capabilities are acquired or developed using the Cybersecurity engineering approach and are consistent with organization-level cybersecurity architecture. Explores and assesses the latest technology trends, disruptions and security/IT service business models to ensure Business Technology maintains, and improves, organization cyber competitive edge.
- Works closely with management to define and promote the strategic direction of the team. Provides strong leadership and direction to team members. Provides subject matter expertise across all Cybersecurity technologies. Oversees project implementation to ensure successful solution delivery.
- Researches, engineers and integrates new Cybersecurity solutions. Applies service oriented security architecture principles to meet organization's confidentiality, integrity, and availability requirements. Performs cyber defense incident triage, to include determining scope, urgency, and potential impact; identifying the specific vulnerability. Makes recommendations that enable expeditious remediation.
- Creates and maintains Cybersecurity technology roadmap. Ensures compliance to audit, regulatory and legal requirements Builds and maintains effective relationships with peers and internal business partners, and external vendors. Enforces the engineering and architecture methodologies to be in compliance with technical aspects of security controls and standards, and pilots the implementation of prominent security solutions to improve the confidentiality, integrity and/or availability of the firm’s intellectual property, systems and applications.
- Transforms business requirements into technical specifications. Designs and develops system security measures to ensure Cybersecurity is fully integrated. Validates current and future state architectural models to assess impact across all Cybersecurity technology systems.
- H.S. Diploma or GED
- 6 + years of expereince in Information Security, Application Security, Programming, DevOps, Cloud, Computer Science, Data Analytics, or related
- Bachelor’s Degree in Computer Science, Engineering, or related field.
- 8+ years work experience programming in Java and Python with previous experience as senior developer/architect preferred.
- 5+ years in application security, experience deploying and managing SAST, DAST, and IAST solutions. Experience should include experience consulting and helping application developers implement better approaches.
- Experience conducting secure code reviews to identify and recommend resolution to secure code flaws.
- Experience conducting Threat Modeling workshops or exercises.
- Ability to articulate messages through designs and documentation.
- Experience developing on and deploying to PaaS platforms, such as Openshift/Kubernetes and Pivotal Cloud Foundry.
- Experience with SSDLC practices in DevOps, CI/CD environment is preferred
- Strong problem solving and analytical skills; able to quickly digest any issue/problem encountered and recommend an appropriate solution
- Excellent verbal and written communication skills including the ability to author and present materials ranging from detailed technical specifications to high-level executive presentations
- Ability to manage multiple deliverables and in a fast-paced environment
- Experience in building road maps, reference architectures, patterns, threat models, planning and managing work via standards and procedures
- Experience with multiple security technologies such as Web Application Firewalls, Code Analysis Tools, Bot Mitigation, etc.
- Experience or knowledge of applying risk management concepts is preferred
- Experience working with or strong knowledge of cloud based services including SaaS, PaaS (e.g. Kubernetes), IaaS(e.g. AWS, GCP) and understanding of effectively enabling business while securing these environments is a preferred
- Knowledge payment compliance and standards (PCI DSS, FFIEC, NIST Security Standards and Frameworks) is a preferred
What are you waiting for? Apply today!
The same way we treat our employees is how we treat all applicants – with respect. Discover Financial Services is an equal opportunity employer (EEO is the law). We thrive on diversity & inclusion. You will be treated fairly throughout our recruiting process and without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status in consideration for a career at Discover.