Overview:As an Application Security Engineer, you will lead initiatives to strengthen the firm's application security program, working closely with development, risk, compliance, and audit teams to ensure robust, resilient, and secure software solutions. This role offers a unique opportunity to influence security standards within a reputable, growth-oriented private markets environment, with a hybrid work model that promotes flexibility and work-life balance.
Responsibilities
- Evaluate applications, SDLC processes, and system architecture to identify risks and security gaps.
- Define standards, guardrails, and best practices for secure coding, especially around emerging AI-powered development tools.
- Lead secure code reviews, threat modeling, and conduct application security testing (SAST, DAST, SCA).
- Detect, analyze, and assist in the remediation of vulnerabilities within web applications and APIs.
- Collaborate with engineering teams to embed security into CI/CD pipelines and DevSecOps practices.
- Support security audits, regulatory inspections, penetration testing, and incident response activities.
- Monitor third-party SaaS tools, ensuring secure configurations and access controls align with corporate standards.
- Develop security metrics and reporting to measure the effectiveness of security initiatives.
- Educate and empower developers through secure coding guidance, training, and tooling.
Requirements- Demonstrated expertise in application security principles and familiarity with OWASP Top 10 risks.
- Proven experience securing web apps, APIs, and microservices, ideally within financial services.
- Hands-on experience with AI-assisted coding tools such as Cursor, GitHub Copilot, or ChatGPT Codex, including understanding associated security risks.
- Proficiency in code review across languages like Java, Python, C#, or JavaScript.
- Strong knowledge of cloud environments, containers, Infrastructure as Code (IaC), and modern DevSecOps tooling.
- Excellent communication skills, with the ability to convey technical risk to diverse stakeholders.
- Bachelor's degree in Computer Science, Information Security, or a related discipline.
- Professional security certifications such as CISSP, CSSLP, OSCP, or GWAPT are a plus.
- 3-5 years of experience in application security or secure software development.
- Experience working within regulated environments such as finance, banking, or fintech, with familiarity in relevant compliance frameworks (e.g., SOC 2, SOX, PCI DSS, GDPR).
Compensation: $140,000 - $160,000 annually
