Senior Application Security Engineer
M&T BankSalary not specified
Full Time
Senior (5 to 8 years), Expert & Leadership (9+ years)
Not SpecifiedCompensation
Senior (5 to 8 years)Experience Level
Full TimeJob Type
UnknownVisa
Financial ServicesIndustries
Requirements
- Undergraduate degree in a related field or equivalent combination of training and experience
- Strong experience deploying and operating DAST tools, including managing team onboarding, authentication setup, and CI/CD integration
- Experience with other well-known application security tools (SAST, SCA, IAST, RASP, etc.)
- Strong knowledge of application development, build, and deployment processes (development, IDEs, repositories, branching, pipelines, cloud, containers, serverless, etc.)
- Familiarity with industry standards such as NIST, OWASP, and MITRE
- Relevant certifications in application development, security, application security, DevSecOps, or cloud are a plus
Responsibilities
- Utilize application development, deployment, and security experience to guide Application Security strategy and secure the software development lifecycle (SDLC)
- Utilize current and emerging security technologies to identify, assess, and remediate application vulnerabilities (SAST, SCA, IAST, DAST, Containers, etc.)
- Configure and onboard teams to dynamic scanning tools across CI/CD environments, including management of authentication and integration of DAST scanners with target applications and platforms
- Design, implement, and continuously refine API security requirements and architecture patterns that proactively address emerging threats and align with enterprise security and system design principles
- Ensure the proper implementation, coverage, and function of the application security solutions
- Develop and implement strategies to secure current and emerging technologies (cloud, containers, serverless, mobile, AI/ML, etc.)
- Conduct in-depth analysis of vulnerabilities in software and application deployment processes, proposing and implementing remediation measures
- Identify and execute opportunities to automate Application Security processes to improve the efficiency and effectiveness of security measures
- Gather and report metrics from application security solutions and processes to provide meaningful insights into the maturity of the Application Security program
- Collaborate with developer community and enhance their experience in remediating SDLC security vulnerabilities
- Provide guidance and training to development and cloud engineering teams on secure coding and deployment best practices
- Stay up to date on application security practices and standards; participate in educational opportunities; read professional publications
- Maintain comprehensive documentation of technology, projects, processes, etc
- Participate in special projects and other duties as assigned
Skills
SAST
SCA
IAST
DAST
Containers
CI/CD
API Security
Cloud
Serverless
Mobile
AI/ML
Secure Coding
SDLC
Vanguard
Client-owned investment management firm offering low-cost funds
About Vanguard
Vanguard provides financial services with a focus on investment management. The company offers a variety of products, including mutual funds, exchange-traded funds (ETFs), individual retirement accounts (IRAs), and 401k rollovers, aimed at individual investors, financial advisors, and institutions. Vanguard's unique ownership structure means it is owned by its funds, which are in turn owned by the clients, allowing it to prioritize the needs of its investors over external shareholders. This model enables Vanguard to offer low-cost investment options, as it primarily earns revenue through management fees that are generally lower than industry standards. Additionally, Vanguard provides personalized investment advisory services, charging fees based on the assets managed. The company's goal is to help clients grow their wealth and achieve their financial objectives through effective investment strategies, while maintaining a competitive performance track record.
Kline Township, PennsylvaniaHeadquarters
1975Year Founded
SECONDARYCompany Stage
Fintech, Financial ServicesIndustries
10,001+Employees
Benefits
Best-in-class medical, dental & vision coverage
Onsite health clinic & fitness center
Health Smart Rewards program
Vanguard Retirement Savings Plan
Education Benefits
PTO
Family Planning Benefist
Parental leave
Personal development opportunities
Volunteer Time Off
Risks
Competition from AI-driven platforms like Writer challenges Vanguard's traditional advisory services.
Vanguard's stake in Steelcase exposes it to the volatile furniture market.
New active bond ETFs may struggle in a low-yield environment with increasing competition.
Differentiation
Vanguard is client-owned, aligning its interests with investors, unlike traditional firms.
The firm offers low-cost investment products, making it attractive to cost-conscious investors.
Vanguard's ownership structure allows it to focus on long-term investor value.
Upsides
Vanguard's new active bond ETFs offer diversified, low-cost fixed income options.
The acquisition of Steelcase shares diversifies Vanguard's portfolio into the furniture industry.
Launching the International Dividend Growth Fund appeals to investors seeking sustainable dividend growth.
Related Jobs
RemoteRemoteSecurity Architect
EarnestSalary not specified
- Full Time
- Expert & Leadership (9+ years)
RemotePrincipal DevSecOps Engineer
Second Front SystemsSalary not specified
- Full Time
- Senior (5 to 8 years)
RemoteDirector, Security Operations Center (SOC)
UltraViolet CyberSalary not specified
- Full Time
- Senior (5 to 8 years)
RemoteQuality Assurance (QA) Engineer
WanderSalary not specified
- Full Time
- Mid-level (3 to 4 years)