Truist Application Security Engineer in Raleigh, North Carolina
Req ID: R0032548
Specific information related to the position is outlined below. To apply, click on the button above. You will be required to create an account (or sign in with an existing account). Your account will provide you access to your application information.
Need Help?
Should you have a disability and need assistance with the application process, please request a reasonable accommodation by emailing Accessibility or by calling 877-891-2510. This email inbox is monitored for reasonable accommodation requests only. Any other correspondence will not receive a response.
Regular or Temporary: Regular
Language Fluency: English (Required)
Work Shift: 1st shift (United States of America)
Please review the following job description:
As an Application Security Engineer, you will use automated scanning tools and manual techniques to conduct application security testing. You will provide expertise to improve security posture. You will handle and direct complex application security testing, scheduling, and coordination with the LOB to obtain the required information. Other responsibilities are application security scheduling, coordination, training, and administrative work. Identifies web application security vulnerabilities (e.g., OWASP Top 10) using automated tools and manual techniques. Configures/Performs DAST testing, composes reports, and delivers reports to the proper tool/team. Works directly with internal business units to communicate risk. The ideal candidate is passionate about cybersecurity, continuing their professional growth, and/or looking to transition from application development or experience with AWS or Azure.
- Perform Dynamic Application Security Testing (DAST) as part of the software development lifecycle, identifying weaknesses for remediation.
- Partner with enterprise and solutions architects, software engineers, DBAs, and QA engineers to ensure adequate security throughout the SDLC.
- Stay up to date on current software development technologies, security controls, threats, and vulnerabilities.
- Effective communication is critical in this role, as you will be interacting with various teams with limited to no knowledge of the product you are working with.
- Install, configure, use, and maintain web applications, API testing tools, and mobile tools.
- Provide complete documentation about identified security vulnerabilities and related issues, concisely and in a timely manner.
- Stay current on emerging threats.
- Actively participate in improving the security culture and education throughout the organization
- Work with design and implementation teams to increase DevSecOps capabilities in cloud offerings using CI/CD toolsets and automation
- Drive issue resolution using standard processes and procedures
Required Experience, Qualifications and Skills:
- Combined 15 years’ experience in:
  - A software development role such as Software Developer, Software
  - Cloud environment
- Experience in any of the following fields:
  - Dynamic Application Security Engineer
  - DevOps Engineer
  - Web Developer
  - Cloud Engineer
  - Mobile Security Engineer
  - API Security Engineer
- Foundational knowledge of web application (SaaS) design best practices and secure software development.
- Understanding of agile development practices and how to integrate security into those practices.
- Knowledge of:
  - OWASP Top 10 (Web Applications, API, and Mobile)
  - Application security vulnerabilities.
  - NIST 800-53 and MITRE ATT&CK
Preferred Experience, Qualifications and Skills:
- Bachelor's degree in Cyber Security, Information Systems, or Computer Science
- Experience with PCI/HIPAA compliance.
- Security certifications such as CISSP, CSSLP, GWEB, OSCP, OSWE or other web application security certifications.
- Experience with cloud computing, Microsoft Azure platforms.
- Experience with SOA, web services, REST, SOAP, XSLT, XSD, and XML.
- Knowledge of common web application security flaws and secure coding practices, and the ability to clearly explain security issues to project and development staff.
- Experience with using security testing tools.
- Ability to take on a high level of responsibility, initiative, and accountability.
- Experience with scripting/programming language.
- The candidate should have experience performing static and dynamic security testing on Android and iOS mobile applications and services.
- Strong analytical skills
- High Attention to Detail
- Verbal and written communication skills
- Self-motivated
- Results-oriented
Experienced with the following tools:
- Web Applications
- Qualys WAS
- WhiteHat Sentinel
- Burp Suite
- Synopsys 3d
- WhiteHat Sentinel
- Virtual Box
- Hacker Tools
- Kali Linux
Truist supports a diverse workforce and is an Equal Opportunity Employer who does not discriminate against individuals on the basis of race, gender, color, religion, national origin, age, sexual orientation, gender identity, disability, veteran status or other classification protected by law. Drug Free Workplace.
Thank you for your interest in Truist! BB&T and SunTrust have come together in a transformational merger of equals to create Truist, the premier financial organization in the country. You may notice references to our legacy company names, BB&T and SunTrust, in places throughout this site. All such references should be understood to refer to Truist moving forward while we continue to transition to the Truist name.
© 2017 SunTrust Banks, Inc. All rights reserved.
SunTrust is a federally registered service mark of SunTrust Banks, Inc.