Senior Application Security Engineer
M&T BankFull Time
Senior (5 to 8 years), Expert & Leadership (9+ years)
Candidates should have demonstrable experience leading application security design and architecture reviews, with a key focus on Ruby on Rails. Extensive experience working with developers and driving application security standards is required, along with expertise in owning software vulnerability management from triage to remediation. Experience securing CI/CD pipelines, deploying and automating security testing tools (SAST, DAST, SCA, IaC), and expertise in threat modeling frameworks are also necessary. Familiarity with IaaS/PaaS cloud infrastructure, infrastructure as code, and software-oriented architecture is expected.
The Senior Application Security Engineer will design, evaluate, and implement software security standards, and build tools, processes, and solutions to improve the Huntress security platform. They will influence and guide teams on secure-by-design principles, act as a security subject matter expert, and provide final review on high-risk pull requests. Responsibilities include leading secure development training, collaborating with development teams to adopt security tools, advocating for security changes, assisting teams with vulnerability remediation, partnering with DevOps for secure code delivery, owning the Vulnerability Disclosure Program, and assisting in the development of security processes and automated tooling. They will also implement an auditable Application Security program.
Managed endpoint detection and response services
Huntress provides managed endpoint detection and response (EDR) services to protect businesses from cyber threats, particularly ransomware. Their service includes 24/7 monitoring of clients' systems to identify potential cyberattacks. When a threat is detected, their team of security experts verifies the activity and alerts the client only if necessary, reducing the number of false positives that can occur with other services. In addition to threat hunting, Huntress offers security awareness training and resources like eBooks and webinars to educate employees about cybersecurity risks. Their commitment to high customer support and personalized reporting distinguishes them from competitors in the cybersecurity field. The goal of Huntress is to enhance the security posture of businesses by providing effective monitoring and education against cyber threats.