Job Purpose

An Intercontinental Exchange (ICE) IS AppSec Engineer is part of a team responsible for ensuring that ICE produces and maintains secure applications. The team member influences secure design, performs code analysis, identifies vulnerabilities through hands-on penetration testing, assists developers in remediation efforts, and communicates findings to developers, QA teams and management.

Responsibilities

• Application Identification and Review - Operates the Application Development Security Lifecycle from design review through automated and hands-on testing.
• Standards and Policies - Maintains and contributes to Application Development Security Policies and standards by keeping up with industry trends and publications from organizations such as NIST, OWASP, and SANS.
• Secure Design – Works with development teams to establish security requirements early in the SDLC and contributes security subject matter expertise during the development of new projects and releases.
• Tool Management – Focuses on automation while implementing, maintaining and integrating cutting-edge technologies to assess an application’s security with static code analyzers (SAST), dynamic testing (DAST) tools, software composition scanners, Web Application Firewall (WAF) and bug bounty programs.
• Developer Education – Keeps software engineers apprised of secure coding practices and builds strong rapport and respect with the ICE application development community via training sessions, one-on-one education, Intranet blogs and other opportunities.

Knowledge and Experience

• University degree in Computer Science, Engineering, MIS, CIS, or related discipline
• Software engineering experience in Java, C++, .NET and/or related languages
• Expert at deploying, configuring, and using SAST, DAST, and Software Composition in large environments
• Experience designing solutions to integrate transparently with the CI/CD pipeline
• Familiar with application development in large cloud environments

Analyst, Engineer and Senior Engineer DistinctionSeniority is determined by experience and demonstration of exceptional competencies including:

• Documenting and effectively publishing technology guidance and repeatable processes
• Mentoring peers in groups and individually
• Improving processes and introducing superior technology
• Taking initiative to learn business goals, liaise with other departments, and identify ways to increase productivity in other ICE groups and offices