Application Security Engineer

Posted:
7/30/2024, 5:00:00 PM

Location(s):
Irvine, California, United States ⋅ California, United States ⋅ Walnut Creek, California, United States

Experience Level(s):
Mid Level ⋅ Senior

Field(s):
IT & Security

Workplace Type:
On-site

Mechanics Bank is currently searching for an Application Security Engineer to join our team. Here at Mechanics Bank, we value connection, partnership, long term relationships and working together in person. This role will be working on-site at our Irvine office.

Under limited direction, the Application Security Engineer is responsible for securing the bank’s network and external-facing applications through continuous penetration testing, application code review, threat hunting, web application firewall management, and vulnerability scanning. This role requires effective communication of remediation requirements to both technical and business leaders. Additionally, the engineer takes a leading role in DevSecOps process discussions and planning.

What you will do:

  • Defines security requirements for the implementation of new applications and projects: Serves as a security engineer/consultant on projects, works closely with the application development team to ensure coding follows security best practices, provides security guidance during the design and implementation phases to ensure robust security controls are integrated from the start.
  • Performs continuous penetration testing: Effectively documents and reports findings, illustrating risks and requirements for resolution. Recommends and implements improvements based on testing outcomes.
  • Leads security research on threats and remediation techniques and technology: Makes informed recommendations to Information Security and Information Technology teams, oversees the implementation of recommended security measures.
  • Conducts security event analysis and intrusion detection (IDS/IPS): Leads incident response efforts, including triage, incident analysis/forensics, and remediation. Develops and refines incident response processes and playbooks.
  • Serves on the Incident Response Team: Focuses on Computer Incident Response, coordinates with various teams to ensure a cohesive and effective incident response.
  • Supports the Bank’s operational information security responsibilities, including the development and maintenance of standards, procedures, and guidelines necessary to satisfy the Information Security department’s network operations.
  • Manages and enhances the bank’s network vulnerability management program: Regularly assesses and updates vulnerability management practices to ensure they meet current security standards and address emerging threats.
  • Assists in conducting risk assessments to evaluate the effectiveness of existing controls and determine the impact of proposed changes to business processes, applications and systems.
  • Provides technical support to regulatory agencies, external auditors, and internal auditors, as required, to respond to audits and examinations of the Bank’s control environment

Who you are:

  • Preferred: Bachelor’s Degree in a related field, or equivalent education, certifications, and experience
  • Required:  3 - 5 years’ experience in application security, penetration testing, or a comparable role
  • Required: Understanding of one or more of the following programming languages: C#, Angular JavaScript, T-SQL
  • Preferred: Industry Standard Certifications, such as: CompTIA CASP+; GIAC, EC-Council, (ISC)2, OSCP, CompTIA Linux+; ISC2 CISSP, CompTIA Network+
  • Understanding of one or more scripting languages.
  • Understanding of Linux, Windows, and Mac OS.
  • Passion for automation and scripting (Python, Perl, Bash, PowerShell, etc.).
  • Strong technical skills with Microsoft Office; must have the ability to effectively communicate and write reports understandable to both business and technical staff.
  • Threat analysis / Incident Response: interpreting events and analyzing network traffic.
  • Mitigating and addressing threat vectors including XSS, broken authentication, SQL injections, SSRF, misconfigurations, insecure designs.
  • Application vulnerabilities/penetration testing/remediation.
  • Knowledge of current and upcoming IT security technologies.
  • Awareness of the latest and common security threats (OWASP Top 10, OWASP for API).
  • Excellent ability to diagnose and troubleshoot accessibility issues.
  • Skill in oral and written communication, including presentations to senior management.
  • Ability to influence and work with employees at all levels of the organization

#LI-ML1

Pay Range: $120,000 - $170,000 annually

Final compensation package will be determined by the work experience, education, and/or skill level of the applicant along with internal equity and alignment with geographic market data.

  • Mechanics Bank is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, religion, national origin, age, genetic information, veteran status, or on the basis of disability, gender identity, sexual orientation or other bases prohibited by applicable law.
  • Please view Equal Employment Opportunity Posters provided by OFCCP here.
  • To learn more about Mechanics Bank’s California privacy and security policies, including your right to a Notice At Collection as a California Resident, please visit https://www.mechanicsbank.com/California-Consumer-Residents