Bank of Oklahoma

Security Engineer III - Application Security

Bank of Oklahoma$90K — $120K *
Tulsa, OK 74133In-Person
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Information Security, Computer Science, or related field, or equivalent experience.
  • 5+ years of experience in Cyber Security or a related technical discipline, or 7+ years relevant experience in lieu of a degree.
  • Advanced expertise in application security tools (WAF, API security, DAST, SAST, IaC, SCA, SIEM/SOAR).
  • Proven ability to lead incident response for application security breaches.
  • Experience securing CI/CD pipelines and cloud-native applications across major platforms.,

Responsibilities

  • Lead the design and implementation of advanced application security architectures and controls.
  • Conduct threat modeling and in-depth vulnerability assessments for applications and APIs.
  • Develop, tune, and maintain application security controls, including WAF/API policies and scanning capabilities.
  • Oversee application-layer incident response, including triage and forensic analysis.
  • Evaluate and define security controls for AI/LLM-enabled features and integrations.
  • Leverage AI-enabled security tools to enhance detection and response capabilities.
  • Provide technical leadership and mentor junior engineers.

Benefits

  • Opportunities for professional growth and advancement.
  • Collaborative team culture promoting continuous improvement.
  • Engagement in cutting-edge security technologies and practices.
  • Flexible work environment that encourages innovative thinking.
  • Access to mentorship programs and learning resources.
Full Job Description
Req ID: 78048

Location: Tulsa -TUL

Areas of Interest: Software Development; Information Security

Pay Transparency Salary Range: Not Available

Application Deadline: 07/31/2026

Bonus Type

Discretionary

Summary

Our team operates at the forefront of innovation, vigilance, and strategic risk management. We combine deep industry expertise with advanced analytics and a disciplined approach to proactively identify and mitigate emerging threats across the organization. Through continuous monitoring, comprehensive assessments, and strong cross-functional partnerships, we deliver tailored security solutions that strengthen BOKF's resilience.

We are passionate about advancing security maturity across the enterprise-collaborating closely with teams to provide actionable insights, champion best practices, and enhance controls. Our work empowers BOKF to pursue its strategic goals with confidence in an evolving threat landscape.

Job Description

As an Application Security Engineer III, you will play a key leadership role in advancing BOKF's application security posture. You will drive the implementation and optimization of security capabilities across the Application Protection portfolio, including WAF, API security, DAST, SAST, IaC, SCA, and SIEM/SOAR.

In this role, you will lead threat modeling and vulnerability assessments for internally developed applications and APIs, design and implement custom security policies and controls, and guide the response to application-layer incidents. You will serve as a subject matter expert, mentoring junior engineers while contributing to the design of advanced detection and prevention strategies.

You will stay ahead of evolving threats-including OWASP Top 10 risks, API vulnerabilities, and software supply-chain attacks-and apply that knowledge to strengthen defenses. The role also includes performing forensic and root cause analysis, partnering with risk, legal, and compliance teams to support regulatory requirements, and developing custom code to enhance application security capabilities.

As BOKF embraces AI-enabled development and security tooling, you will leverage approved AI capabilities to accelerate workflows while ensuring accuracy, safeguarding sensitive data, and maintaining strong governance. You will also assess and mitigate risks associated with AI/LLM-enabled applications and third-party services, including prompt injection, data leakage, and insecure integrations, while helping implement effective monitoring and controls.

Team Culture

Our team thrives in a dynamic and collaborative environment where curiosity, ownership, and continuous improvement are foundational. We encourage innovative thinking, open knowledge-sharing, and proactive problem-solving.

By working together to address complex security challenges, team members are empowered to expand their expertise, influence meaningful outcomes, and shape the future of application security at BOKF. Our strong partnerships across the organization and commitment to excellence ensure we remain resilient and forward-looking.

How You'll Spend Your Time
• You will lead the design and implementation of advanced application security architectures and controls across the SDLC, including secure CI/CD guardrails.
• You will conduct threat modeling and in-depth vulnerability assessments for applications and APIs, partnering with stakeholders to prioritize remediation.
• You will develop, tune, and maintain application security controls, including WAF/API policies and DAST/SAST/SCA/IaC scanning capabilities.
• You will oversee application-layer incident response, including triage, containment, and forensic/root cause analysis.
• You will evaluate and define security controls for AI/LLM-enabled features and integrations, including risks related to data protection, model trust, and misuse scenarios.
• You will leverage AI-enabled security tools to enhance detection, analysis, and response while validating outputs and protecting sensitive data.
• You will provide technical leadership by mentoring team members and leading initiatives through successful delivery with minimal oversight.
• You may perform other duties as assigned.

Education & Experience Requirements

This role typically requires a Bachelor's degree in Information Security, Computer Science, or a related field, along with 5+ years of experience in Cyber Security or a related technical discipline; alternatively, 7+ years of relevant experience may be considered in lieu of a degree.
A Master's degree, CISSP, or equivalent certifications are preferred.

Skills
• Advanced expertise in configuring and optimizing application security tools (WAF, API security, DAST, SAST, IaC, SCA, SIEM/SOAR) to deliver effective and scalable protection.
• Strong understanding of application threat intelligence and the ability to identify and mitigate both known and emerging attack vectors.
• Proven experience leading application security incident response, including triage, containment, and root cause analysis.
• Demonstrated ability to lead cross-functional initiatives involving development, DevOps, and risk teams.
• Excellent analytical and problem-solving skills, with a structured approach to complex challenges.
• Advanced scripting capabilities (e.g., Python, Bash, Go, PowerShell) to automate security processes and workflows.
• Experience securing CI/CD pipelines and cloud-native applications across AWS, Azure, and GCP.
• Strong knowledge of cryptography, TLS, secrets management (e.g., HashiCorp Vault), and key lifecycle management.
• Ability to clearly communicate complex security concepts to both technical and non-technical stakeholders.
• Experience leveraging data analysis tools (e.g., Splunk, Elasticsearch, Excel) to drive insights and metrics.
• Deep understanding of application risk management principles and mitigation strategies.
• Familiarity with AI/LLM security risks (e.g., prompt injection, data leakage, supply-chain risk) and practical implementation of controls.
• Ability to use AI-assisted tools responsibly to enhance productivity while validating results and protecting sensitive information.

About Bank of Oklahoma

Bank of Oklahoma is a regional bank headquartered in Tulsa, Oklahoma. The bank was founded in 1910 and has over 100 branches in Oklahoma, Texas, Kansas, and Missouri. Bank of Oklahoma provides a range of financial services, including personal and business banking, wealth management, and insurance. The bank is committed to supporting the communities it serves and has donated millions of dollars to charitable organizations. Bank of Oklahoma is a subsidiary of BOK Financial Corporation, which is a publicly traded company on the NASDAQ stock exchange.
Learn more about Bank of Oklahoma
Size
5,000 employees
Industry

Similar Jobs

More Jobs at Bank of Oklahoma

More Information Technology Jobs

Find similar Security Engineer III - Application Security jobs: