Application Security Engineer
Webster Bank

Job Description

If you're looking for a meaningful career, you'll find it here at Webster. Founded in 1935, our focus has always been to put people first--doing whatever we can to help individuals, families, businesses and our colleagues achieve their financial goals. As a leading commercial bank, we remain passionate about serving our clients and supporting our communities. Integrity, Collaboration, Accountability, Agility, Respect, Excellence are Webster's values, these set us apart as a bank and as an employer.

Come join our team where you can expand your career potential, benefit from our robust development opportunities, and enjoy meaningful work!

As an Application Security Engineer, you will play a vital role in safeguarding our organization's applications and data. Your expertise will help us maintain a robust security posture and ensure the trust of our users and stakeholders.

The primary function for this position is to ensure that applications and services are secured and implemented with best security practices. As an Application Security Engineer, you will be responsible for designing, implementing, and maintaining security measures for our organization's applications and software systems. You will work closely with development teams to integrate security practices throughout the software development lifecycle (SDLC) and ensure that our applications are protected against potential threats and vulnerabilities. You will help manage the application security program, define standards, policies, and procedures, and coordinate with engineering teams to implement and maintain security platforms.

Key Responsibilities

Security Assessment and Implementation

• Conduct security-focused code reviews and application security assessments
  
• Perform threat modeling and risk assessments for new and existing applications
  
• Implement and maintain security controls, including authentication, authorization, and encryption mechanisms
  
• Develop and oversee secure code analysis programs in conjunction with development teams
  

Vulnerability Management

• Identify and assess security vulnerabilities in applications and systems
  
• Lead the remediation of application vulnerabilities discovered through scanning and security testing
  
• Help manage the organization's vulnerability intake and remediation process
  

Collaboration and Guidance

• Work closely with development teams to integrate security best practices into the SDLC
  
• Provide guidance and training on secure coding practices and application security
  
• Collaborate with IT professionals to harden systems and applications
  

Security Architecture and Design

• Assist in designing secure application architectures and infrastructure[
  
• Evaluate and provide recommendations on third-party applications and services
  
• Contribute to the development of security policies, standards, processes, and procedures
  

Continuous Improvement and Research

• Stay up-to-date with the latest security threats, trends, and countermeasures
  
• Research and analyze application behaviors to improve security and stability
  
• Contribute to the evolution of the organization's application security functions and services
  

Required Qualifications

• Bachelor's degree in Computer Science, Information Security, or a related field
  
• 5+ years of experience in cybersecurity, application security, or a similar IT role
  
• Strong understanding in security engineering, system and network security, authentication and security protocols, cryptography, and application security
  
• Strong understanding of web application security, including OWASP Top 10 vulnerabilities
  
• Proficiency in secure coding practices and common programming languages (e.g., .NET, Java, Python)
  
• Experience with security testing tools and methodologies (e.g., SAST, SCA, DAST, penetration testing)
  
• Familiarity with compliance regulations and industry security standards
  
• Excellent problem-solving and analytical skills
  
• Strong communication skills and ability to work effectively in cross-functional teams
  

Preferred Qualifications

• Relevant security certifications (e.g., CISSP, GIAC, CCNA)
  
• Experience with cloud security and containerization technologies
  
• Knowledge of DevSecOps practices and CI/CD pipelines
  
• Familiarity with threat modeling methodologies and risk assessment frameworks
  
• Experience with advanced persistent threats, phishing and social engineering, network access controllers (NAC), gateway anti-malware and enhanced authentication
  

Key Competencies

• Attention to detail and strong analytical thinking
  
• Ability to work in a fast-paced, dynamic environment
  
• Excellent written and verbal communication skills
  
• Proactive approach to identifying and addressing security issues
  
• Continuous learning mindset to stay updated on emerging security threats and technologies
  

The estimated salary range for this position is $115,000USD to $130,000USD. Actual salary may vary up or down depending on job-related factors which may include knowledge, skills, experience, and location. In addition, this position is eligible for incentive compensation.

#LI-EF1

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.

---