BNY Mellon

Principal Application Security Engineer

Posted on: 15 Mar 2021

Wellesley, MA

Job Description

BNY Mellon's Data and Analytics Solutions further extend Asset Servicing capabilities in securities and cash into the world's most important asset class, data. As a software and content business, inclusive of Eagle Investment Systems' data management, accounting, and performance platform and Intermediary Analytics' sales and distribution data, the offering also includes a suite of new cloud-based products. An ecosystem of proprietary and third-party business applications is available to help firms manage their core investment process and beyond.

* Team member of a full-scope AppSec service (assess, discover, triage, communicate risk, advise on remediation and/or where necessary implement hotfix/workarounds), collaborating with product owners, developers, and technical operation teams within both the Product Development Lifecycle (PDLC) and Software Development Lifecycle (SDLC).
* Continuous improvement and service delivery of the application security program, aligning staff, tools, and processes to key security metrics and controls within the PDLC/SDLC, enabling timely and secure Product feature releases.
* Provide application security guidance and oversight across Product Management, Research & Development, and Operations teams to influence the design and implementation of upcoming products and services with a mindset of Security by Default.
* Responsible for overall Application Security assessments and posture through security testing on applications using dynamic and static analysis tools and penetration testing for both internal and external managed services.
* Design and deploy state-of-the-art technology to meet the business needs and interface with business units regarding technical planning and application security topics.
* Perform proof-of-concept and proof-of-technology testing for integrating new 3rd party security products into the development and deployment processes.
* Perform validation of security controls to ensure adherence with compliance and industry best practices.
* Perform hands-on security testing of products and services to proactively Client risk and track them to resolution
* Use a risk-based approach, advocate for and help prioritize remediation of security findings, and develop/report metrics measuring the state of the application security program

Qualifications

Bachelor's degree in computer science or a related discipline, or equivalent work experience required; advanced degree preferred. 10-12 years of experience in information security or related technology experience required; experience in the securities or financial services industry is a plus.

Qualifications/Required Skills:

* 3+ years previous experience in information security and application security domains
* 3+ years experience working within software development supporting multiple languages (e.g., Java, Python, and Node) and understand how to detect/remediate related security issues such as OWASP Top 10
* 2+ years experience with DevSecOps tooling (e.g., SonarQube, ZAP/Burp, GitHub, Jenkins, Artifactory/Xray, web application firewalls (WAFs))
* 1+ years experience with Public Cloud (e.g., Azure, AWS, and GCP) technologies (e.g., Kubernetes, containers, databases as a service)
* 1+ years experience with securing containers, host, databases, and application solutions for multi-tier and micro-service systems.
* Have a strong knowledge of building security into continuous integration and delivery (CI/CD) pipeline.
* Ability to understand business requirements and apply security without adversely affecting the desired functionality
* Experience with securing containers, host, databases, and application solutions for multi-tier and micro-service systems.
* Relevant security certifications a plus (such as: GWAPT, GPEN, GCIH)
* High level of personal integrity, with the ability to professionally handle confidential matters, and reflect appropriate level of judgment as it pertains to security.

BNY Mellon

New York, New York

The Bank of New York Mellon Corporation provides a range of financial products and services to institutions, corporations, and high net worth individuals in the United States and internationally. The company operates through two segments, Investment Management and Investment Services. It offers investment management, custody, foreign exchange, fund broker-dealer, collateral and liquidity, clearing, corporate trust, global payment, trade finance, and cash management services, as well as securities finance and depositary receipts. The company also provides mutual funds, separate accounts, and wealth management and private banking services; and trust and registered investment advisory services. In addition, it engages in leasing, corporate treasury, derivative and other trading, corporate and bank-owned life insurance, renewable energy investment, and business exit activities. The Bank of New York Mellon Corporation was founded in 1784 and is headquartered in New York, New York.