Description

• Designs and implements new technologies, frameworks, and platform improvements. Serves as subject-matter expert for application security, engaging, collaborating, and advising on application security and application security analytics practices, standards, and methods.
• Works closely with the DevOps team and uses tools to analyze code and look for problems, including Wiz, Portswigger, GitHub, and SonarQube.
• Collaborate with development and DevOps teams to integrate Azure security services (e.g., Azure Key Vault, Azure Security Center, Azure Active Directory) into CI/CD pipelines.
• Provide guidance on secure use of Azure App Services, Azure Functions, and containerized workloads in AKS (Azure Kubernetes Service).
• Configures resources to detect vulnerabilities to operating systems, applications, databases, and the network infrastructure components. Detects, enumerates, and classifies major vulnerabilities, performs trend analysis and reporting using vulnerability assessment tools and methodologies.
• Reads and delivers business and technical requirements while searching for opportunities to group capabilities into frameworks, suggest innovative solutions, and leverage existing technologies.
• Provides oversight and assurance for assessment of enterprise applications, including web, cloud, and mobile applications to deliver secure and robust solutions.
• Build tests which validate key capabilities or fragile code and build automated functional and integration tests.
• Performs analysis of software code repositories, applications, code designs, processes, and implementation from a security perspective.
• Works with development and infrastructure members to identify and resolve security issues in context of any potential compensating controls (WAF, IPS, IDS, ML, AI, NBA, EUBA, CASB).
• Works with software developers to integrate application security across the entire CI/CD pipeline.
• Schedules and maintain security operations management of operating systems, security applications and network infrastructure components. Provides security configurations, controls for monitoring, and centralized logging for network and server devices.
• Formulates and interprets penetration test information results for the enterprise. Manages vulnerability detection, analysis, and exploitation remediation to ensure confidentiality, integrity, and availability of mission critical information assets.
• Provides guidance using specialized knowledge and toolsets to operational teams during enterprise-wide crisis scenarios outside of the routine change management process or production scope.

• Demonstrates comprehensive understanding of security methodologies, knowledge of networking components (routers, switches, load balancers, wireless access points); client/server relationships; relational databases and structured query language; encryption algorithms and ciphers (PKI/SSL); malicious code (works, viruses spyware, etc.); Virtual Private Networking; and multi-tier environments).
• Experience working in an information security organization and understanding of Governance, Risk, and Controls processes.
• Experience with vulnerability management, application security concepts, best practices, and architectures for API, Microservices, networking and data.
• Prior experience with application software development life cycle (SDLC) and Security Software development life cycle (SSDLC) required.
• Prior experience with DAST/SAST/WSA/API and OWASP Top 10 security controls.
• Experience in Waterfall, Agile, SCRUM, CI/CD and DevOps – secure DevOps experience a plus.
• Experience with Windows, macOS, Linux, and Unix operating systems.
• Preferred Certifications: CISSP, GIAC, CRISC, GCIH, CEH, GSEC, CCNA.
• Bachelor’s Degree in Computer Information Systems, Computer Science, Business, Engineering, or related field preferred and a minimum of ten (10) + years’ experience working in a similar field.
• Experience in the Mortgage industry preferred.

• Work with other passionate, purposeful, and customer-centric team members.
• Inclusive, diverse, and collaborative culture where people from all backgrounds can thrive.
• Extensive internal growth and professional development opportunities including tuition reimbursement.
• Comprehensive benefits package including Medical/Dental/Vision.
• Wellness program to support both mental and physical health.
• Generous paid time off options to support work-life balance.