As an Application Developer Lead( Application Security Coach ) within PNC's Security organization, you will be based in Pittsburgh, PA, Cleveland, OH, or Columbus, OH. Remote work is an option for a well-qualified candidate.
An Application Security Coach is a subject matter expert who is responsible for ensuring that PNC application developers have the necessary tools, knowledge, and assistance as they deliver quality application code, free of security risks. As part of a team, you will work with technology groups to ensure that projects and systems are implemented with required technical controls in accordance with security best practices and policy. Responsibilities within this position will include:
•Consult with development teams in secure architectural design and review.
•Provide subject matter expertise to development teams for secure practices in areas such as database interaction, authentication methods, encryption, entitlement systems, logging, input validation, secure storage, etc.
•Participate in requirements definition and perform initial risk analysis to define a minimum standard of security for each application. Deliver the criteria for release gates as a part of this process, to provide a means for measuring progress and risk mitigation maturity throughout the software development lifecycle.
•Identify residual risks not addressed by projects security requirements.
•Participate in threat modeling with the explicit purpose of influencing design decisions to address the most likely threats to an application’s security and resiliency.
•Provide expert assistance to developers as they work to implement security standards or to remediate discovered deficiencies.
•Work with project teams to prioritize security milestones. Ensure that project managers give security requirements the same attention that functional requirements generally receive during the development process.
Oversee security training and professional development and serve as a repository of security expertise for other project members.
- Leads in the technical design and development of cross-functional, multi-platform application systems.
- Directs business assessment and requirements analysis processes, for the development of hardware and operating systems .
- Analyses features such as feasibility, associated costs, time, and the compatibility of new programs with existing programs, and hardware. Ensures that expected application performance levels are achieved .
- Coordinates coding, testing, implementation and documentation of application solutions .
- Performs complex application programming activities including, coding, testing, debugging, documenting, maintaining, and modifying complex applications programs .
Manages Risk - Working Experience
- Assesses and effectively manages all of the risks associated with their business objectives and activities to ensure activities are in alignment with the bank's and unit's risk appetite and risk management framework.
Customer Focus - Extensive Experience
- Knowledge of the values and practices that align customer needs and satisfaction as primary considerations in all business decisions, and ability to leverage that information in creating customized customer solutions.
Job Specific Competencies
APPLICATION DEVELOPMENT TOOLS - Subject Matter Expertise
- Knowledge of and ability to utilize a variety of specific tools and toolkits for the development and support of applications.
Application Testing - Extensive Experience
- Knowledge of application testing and ability to design, plan and execute application testing strategies and tactics to ensure software quality throughout all stages of application development.
Application Design, Architecture - Subject Matter Expertise
- Knowledge of application design activities, tools and techniques; ability to utilize these to convert business requirements and logical models into a technical application design.
APPLICATION DELIVERY PROCESS - Extensive Experience
- Knowledge of major tasks, deliverables, and formal application delivery methodologies; ability to utilize these in order to deliver new or enhanced applications.
Packaged Application Integration - Subject Matter Expertise
- Knowledge of and the ability to implement packaged application software and integrate it with company applications, databases and technology platforms.
System Development Life Cycle - Extensive Experience
- Knowledge of project management techniques and the ability to plan, design, develop, test, implement and maintain system development life cycle segments and phases.
Product and Vendor Evaluation - Working Experience
- Knowledge of and ability to implement processes for the evaluation and selection of products, tools, services and infrastructure components ensuring they are in line with an organization's business needs and architectural principles.
Technical Troubleshooting - Subject Matter Expertise
- Knowledge of technical troubleshooting approaches, tools and techniques, and the ability to anticipate, recognize, and resolve technical (hardware, software, application or operational) problems.
Software Process Improvement (SPI) - Extensive Experience
- Knowledge of formal software process improvement disciplines, and ability to assess and improve the quality and operating costs associated with an existing application.
RequiredEducation and Experience
Roles at this level typically require a university / college degree, with 3+ years of relevant / direct industry experience. Certifications are often desired. In lieu of a degree, a comparable combination of education and experience (including military service) may be considered.