Principal Cybersecurity Application Security Engineer (DevSecOps) at Discover
Discover. A more rewarding way to work.
At Discover Financial Services, you’ll find yourself in the company of some of the industry’s smartest and most reliable professionals. And at a company that rewards dedication, values innovation and supports growth.
Thrive in an environment that promotes teamwork and shared success. Build on a foundation of mutual respect. Join the company that understands rewarding careers like no other, with this exceptional opportunity:
At Discover, be part of a culture where diversity, teamwork and collaboration reign. Join a company that is just as employee-focused as it is on its customers and is consistently awarded for both. We’re all about people, and our employees are why Discover is a great place to work. Be the reason we help millions of consumers build a brighter financial future and achieve yours along the way with a rewarding career.
Responsibility of the role is to design the Cybersecurity engineering roadmap, and deliver highly-complex secure systems,cyber applications, technical projects and regulatory and risk requirements. Drive Cybersecurity engineering solutions, framework, roadmap, program optimization, process engineering, risk remediation, and mitigation of operational risk in a high velocity culture by introducing technology, requirements, deliverables, gaps and systems design. Analyze competitive strategies, cyber technologies, metrics models, and performance indicators. Contribute to robust and innovative strategic solutions and build resilient support for next-generation systems to solve business challenges and enhance the control environment.
The ideal candidate will have business acumen, a sound understanding of the Cybersecurity with the ability to think, operate and balance priorities in extreme dimensions strategic and tactical, long-term and near-term. The Engineer will provide technical leadership for Application Security Product domain and must be able to solve complex security problems. This individual will be expected to work closely with Cybersecurity and Enterprise Architects to build strategy and champion Application Security products and services. As a Principal Cybersecurity Engineer you may work on solutions that range from helping developers build secure application to building tools for developers to integrate into their CICD pipelines. You will threat model and drive requirements into reusable enterprise solutions. The Principal Cybersecurity Engineer will proactively keep abreast of evolving technology landscape and business transformational practices as well as analyze threat landscape. This is an excellent opportunity for someone who is a self-starter, assertive, team player, loves to solve problems and enable secure business practices.
Principal Cybersecurity Engineer can be expected to solve complex security problems, build secure application and tools for developers to integrate into their CICD pipelines , and integrate threat model and drive requirements into reusable enterprise solutions. In addition, conduct secure code reviews to identify and recommend resolution to secure code flaws. Furthermore, to develop on and deploy to PaaS platforms, and provide guidance on PaaS, SaaS and IaaS to effectively enable the business while securing these environments.
- Acts as the principal advisor to upper management in Cybersecurity matters. Ensures that security improvement designs are evaluated, validated, and implemented as required. Certifies that protection and detection capabilities are acquired or developed, using the Cybersecurity engineering approach, and are consistent with organization-level cybersecurity architecture. Explores and assesses the latest technology trends, disruptions, and security/IT service business models to ensure Business Technology maintains and improves the organization’s cyber-competitive edge.
- Works closely with management to define and promote the strategic direction of the team. Provides strong leadership and direction to team members. Provides subject matter expertise across all Cybersecurity technologies. Oversees project implementation to ensure successful solution delivery.
- Researches, engineers, and integrates new Cybersecurity solutions. Applies service-oriented security architecture principles to meet the organization’s confidentiality, integrity, and availability requirements. Performs cyber defense incident triage, including determining scope, urgency, and potential impact; identifying the specific vulnerability. Makes recommendations that enable expeditious remediation.
- Creates and maintains Cybersecurity technology roadmap. Ensures compliance to audit, regulatory, and legal requirements. Builds and maintains effective relationships with peers and internal business partners, and external vendors. Enforces the engineering and architecture methodologies to be in compliance with technical aspects of security controls and standards, and pilots the implementation of prominent security solutions to improve the confidentiality, integrity, and/or availability of the firm’s intellectual property, systems, and applications.
- Transforms business requirements into technical specifications. Designs and develops system-security measures to ensure Cybersecurity is fully integrated. Validates current and future-state architectural models to assess impact across all Cybersecurity technology systems.
At a minimum, here’s what we need from you:
- Bachelors Degree in Information Security , Computer Science, Business Administration, Data Analytics, or related field or equivalent experience
- 8+ years of experience in Information Security, Computer Science, Data Analytics, or related field
- In lieu of a degree, 4+ years of experience in Information Security, Computer Science, Data Analytics, or related field, or 3 years of experience with related certifications
If we had our say, we’d also look for:
PM, CEH, GIAC, CISM, CISSP
- 8+ years work experience programming in Java and Python with previous experience as senior developer/architect preferred.
- 5+ years in application security, experience deploying and managing SAST, DAST, and IAST solutions. Experience should include experience consulting and helping application developers implement better approaches.
- Experience conducting secure code reviews to identify and recommend resolution to secure code flaws.
- Experience conducting Threat Modeling workshops or exercises.
- Ability to articulate messages through designs and documentation.
- Experience developing on and deploying to PaaS platforms, such as Openshift/Kubernetes and Pivotal Cloud Foundry.
- Experience with SSDLC practices in DevOps, CI/CD environment is preferred
- Strong problem solving and analytical skills; able to quickly digest any issue/problem encountered and recommend an appropriate solution
- Excellent verbal and written communication skills including the ability to author and present materials ranging from detailed technical specifications to high-level executive presentations
- Ability to manage multiple deliverables and in a fast-paced environment
- Experience in building road maps, reference architectures, patterns, threat models, planning and managing work via standards and procedures
- Experience with multiple security technologies such as Web Application Firewalls, Code Analysis Tools, Bot Mitigation, etc.
- Experience or knowledge of applying risk management concepts is preferred
- Experience working with or strong knowledge of cloud based services including SaaS, PaaS (e.g. Kubernetes), IaaS(e.g. AWS, GCP) and understanding of effectively enabling business while securing these environments is a preferred
- Knowledge payment compliance and standards (PCI DSS, FFIEC, NIST Security Standards and Frameworks) is a preferred
Discover Financial Services is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran status, among other things, or as a qualified individual with a disability.