Our mission as a leading investment management firm is to help our clients achieve their long-term financial goals. We believe our associates are the key to this mission, and we are always looking for talented individuals who share our commitment to our clients' success.
If you're looking for challenging work experiences and the ability to learn in a collaborative culture, we invite you to explore the opportunities available at T. Rowe Price.
The Sr. Software Engineer is responsible for developing and implementing enterprise-wide solutions with respect to application and systems security. This position works to evaluate and implement applications and application systems to ensure that business needs are met or exceeded, with a minimal degree of risk to the firm. This includes the identification and remediation of vulnerabilities, software and application testing, providing design and coding guidance and system security engineering, and serving as a consultant to other business units while acting as an Application Security Subject Matter Expert (SME). The Sr. Software Engineer will also research, evaluate, document, proof-of-concept, engineer, and deploy new solutions to meet the firm's evolving security needs.
ROLE SUMMARY AND JOB RESPONSIBILITIES
- Applies new and emerging programming methods, methodologies, technologies, and industry trends. The incumbent determines the impact of the introduction of these on the security posture of the rest of the enterprise and is prepared to provide actionable guidance and security requirements on the impacts of any new technologies or methodologies when such inputs are needed.
- Supports the enterprise security architecture and provides technical expertise to troubleshoot and solve problems as needed. Works with personnel throughout the firm to troubleshoot any problems and ensure the systems are functioning properly. The incumbent acts as a final level of troubleshooting expertise when trouble with the systems arises and works with the product's vendor, when necessary, to ensure that issues are being properly addressed and resolved.
- Serves as a Subject Matter Expert (SME) in the field of application security. Works with developers, architects, project leads/managers, business analysts, and others in identifying security requirements for projects and ensures that these requirements are met as part of the software development lifecycle. Performs security design review, threat modeling, and architectural/system security assessments to ensure that solutions are being designed with a minimal degree of technical risk. The incumbent works to identify, triage, and provide remediation guidance for vulnerabilities within software applications and systems, using a variety of tools, techniques, approaches, and methodologies.
- Acts to integrate application/software security tools within existing processes and toolsets. The incumbent builds, operates, and enhances systems to integrate tools such as static source code analysis, dynamic vulnerability scanning & penetration testing, and others within the software development lifecycle in optimal ways.
- Serves as an application security advocate within the firm. The incumbent works alongside developers, architects, project leads/managers, business analysts, and others throughout project lifecycles, acting as the "go to" individual for all security questions, concerns, and guidance. The incumbent develops and presents training material on security-related topics and develops application security-related development standards & best practices, working alongside other governance and architecture teams.
- Researches and evaluates new technologies that may increase the firm's security posture, primarily in the Application Security and Identity & Access Management (IAM) spaces. The incumbent creates advisory and strategy documents, conducts proof-of-concept evaluations, provides selection advice and recommendations, and determines optimal ways of integrating technology through the firm into new and existing processes. The incumbent serves as the technical lead of implementation projects for new product or technology integrations.
- Able to work directly with business stakeholders
- Decisions show a focus on current and future business priorities, together with fiscal responsibility
- Can articulate business needs and translate them into technology solutions
- Typically requires 3+ years of relevant experience
- Strong database programming (SQL, etc.) experience
- Experience implementing, maintaining, and enhancing both custom and off-the-shelf enterprise software utilizing multiple technologies
- Experience serving as a member of a Development Team – serving as the lead Engineer and Application Architect while interfacing with Analysts, Testers, and Vendors
- Experience with enterprise applications (architecture, development, support, and troubleshooting)
- Working knowledge of system administration—Windows as well as Unix and Linux
- Strong interpersonal and communication skills; ability to work in a team environment
- Ability to work independently with minimal direction; self-starter/self-motivated
- Demonstrated ability to mentor others, including junior technical team members and senior nontechnical team members
- Technical writing and communications experience
- Master's degree in a Computer Science or Engineering field, with 7+ years of experience preferred
- Java EE and .NET software development experience preferred
- Working knowledge of common web application security vulnerabilities (OWASP Top Ten, etc.) and the programming patterns that lead to them, as well as remediation techniques, preferred
- Strong knowledge and background working in identity management and authentication technologies preferred
- Core (Courion) Access Assurance Suite Experience preferred
- Awareness/Knowledge and Interest in AWS Cloud Infrastructure preferred
- Federated identity/federated single-sign-on experience preferred
- Detailed understanding of SSL/TLS protocols and certificate-based solutions preferred
- Experience with software security testing (blue team / red team, static and dynamic analysis) preferred