Senior Application Security Engineer
M&T Bank
Full Time
Senior (5 to 8 years), Expert & Leadership (9+ years)
Candidates should have 3-5 years of technical product security experience, including SSDLC tooling, automation, remediation advisory, security testing, and threat modeling. Proven ability to solve complex product security issues and protect products using a risk-based approach is essential, along with extensive knowledge of the current product security threat landscape and industry best practices. Experience working in Agile development with technologies such as containers (Docker, Kubernetes), pipeline security tool integration, defect tracking (Jira, ServiceNow), source code management (GitLab, GitHub, BitBucket), and application security testing tools (SAST, DAST, IAST, SCA) is required. The role also requires the ability to innovate and find creative solutions that balance business and security needs, and potentially provide on-call support.
The Product Security Engineer will participate in expanding and maturing the SailPoint S-SDLC program, performing proactive and reactive scanning and auditing throughout the SSDLC, and triaging issues with development teams. Responsibilities include configuring, maintaining, and tuning product and application security technologies, reducing false positives, and assisting tech leads and developers with remediation strategies. The engineer will support automation and tooling of security technologies for development teams, assist in developing custom software quality tests and Security as Code solutions, and review designs for security defects while performing threat modeling. They will also provide training and guidance to development teams, cultivate security ownership, communicate new security services, manage product/application vulnerabilities, provide input to security risk impact assessments, and work closely with engineering to sustain processes and automate manual integrations. Additionally, the role involves being part of the Product Security Incident Response Team (PSIRT).
Provides identity security solutions for enterprises
SailPoint provides identity security solutions that help organizations manage and protect digital identities. Its main products, including IdentityIQ, IdentityNow, and File Access Manager, assist businesses in ensuring compliance with regulations, reducing risks, and controlling access to sensitive information. These products work by giving organizations visibility into who has access to what data, allowing them to manage permissions effectively. SailPoint stands out from competitors by utilizing advanced technologies like artificial intelligence and machine learning to enhance its identity governance capabilities. The company's goal is to be a trusted partner for enterprises in navigating the complexities of identity security, ensuring that they can securely manage access to their critical information.