Senior Application Security Engineer
M&T Bank
Full Time
Senior (5 to 8 years), Expert & Leadership (9+ years)
Candidates should possess a Bachelor’s degree in Computer Science, Cybersecurity, or a related field, and have at least 3 years of experience in application security engineering. Strong knowledge of web application vulnerabilities, mobile security best practices, and API security is required, along with experience with OWASP Top 10. Familiarity with secure SDLC activities, threat modeling, and secure coding practices is also necessary. Experience with static and dynamic analysis tools, as well as reverse engineering techniques, is beneficial.
The Application Security Engineer II will perform regular vulnerability assessments and penetration testing on web and mobile applications, APIs, and infrastructure. They will guide developers in fixing security issues, conduct code reviews, participate in application design discussions, and perform threat modeling of web/mobile applications. Additionally, they will develop secure code practices, evaluate and integrate security testing tools into CI/CD pipelines, and serve as a security engineering expert and technical champion within Zeta. The role involves continuous improvement of web/mobile application security, mentoring developers and QA, assessing gaps and tools, and liaising with stakeholders.
Cloud-native payment card processing platform
Zeta provides a platform for payment card processing that is designed for banks, financial institutions, and fintech companies. Their main product, the Omni Stack, allows clients to easily create and manage digital credit, debit, and prepaid card programs. This platform works by integrating with existing systems through APIs, which helps streamline the payment processing experience. Zeta stands out from its competitors by focusing on cloud-native solutions and ensuring compliance with important regulations, which helps build trust with their clients. The company's goal is to make payments seamless and less noticeable in everyday transactions, moving towards a future where payments are 'invisible'.