Southington, CT, USA
52 days ago
Application Security Engineer

If you’re looking for a meaningful career, you’ll find it here at Webster. Founded in 1935, our focus has always been to put people first--doing whatever we can to help individuals, families, businesses and our colleagues achieve their financial goals. As a leading commercial bank, we remain passionate about serving our clients and supporting our communities. Integrity, Collaboration, Accountability, Agility, Respect, Excellence are Webster’s values, these set us apart as a bank and as an employer.  

Come join our team where you can expand your career potential, benefit from our robust development opportunities, and enjoy meaningful work!

As an Application Security Engineer, you will play a vital role in safeguarding our organization's applications and data. Your expertise will help us maintain a robust security posture and ensure the trust of our users and stakeholders.

The primary function for this position is to ensure that applications and services are secured and implemented with best security practices.  As an Application Security Engineer, you will be responsible for designing, implementing, and maintaining security measures for our organization's applications and software systems. You will work closely with development teams to integrate security practices throughout the software development lifecycle (SDLC) and ensure that our applications are protected against potential threats and vulnerabilities.  You will help manage the application security program, define standards, policies, and procedures, and coordinate with engineering teams to implement and maintain security platforms.

Key Responsibilities

Security Assessment and Implementation

Conduct security-focused code reviews and application security assessments

Perform threat modeling and risk assessments for new and existing applications

Implement and maintain security controls, including authentication, authorization, and encryption mechanisms

Develop and oversee secure code analysis programs in conjunction with development teams

Vulnerability Management

Identify and assess security vulnerabilities in applications and systems

Lead the remediation of application vulnerabilities discovered through scanning and security testing

Help manage the organization's vulnerability intake and remediation process

Collaboration and Guidance

Work closely with development teams to integrate security best practices into the SDLC

Provide guidance and training on secure coding practices and application security

Collaborate with IT professionals to harden systems and applications

Security Architecture and Design

Assist in designing secure application architectures and infrastructure[

Evaluate and provide recommendations on third-party applications and services

Contribute to the development of security policies, standards, processes, and procedures

Continuous Improvement and Research

Stay up-to-date with the latest security threats, trends, and countermeasures

Research and analyze application behaviors to improve security and stability

Contribute to the evolution of the organization's application security functions and services

Required Qualifications

Bachelor's degree in Computer Science, Information Security, or a related field

5+ years of experience in cybersecurity, application security, or a similar IT role

Strong understanding in security engineering, system and network security, authentication and security protocols, cryptography, and application security

Strong understanding of web application security, including OWASP Top 10 vulnerabilities

Proficiency in secure coding practices and common programming languages (e.g., .NET, Java, Python)

Experience with security testing tools and methodologies (e.g., SAST, SCA, DAST, penetration testing)

Familiarity with compliance regulations and industry security standards

Excellent problem-solving and analytical skills

Strong communication skills and ability to work effectively in cross-functional teams

Preferred Qualifications

Relevant security certifications (e.g., CISSP, GIAC, CCNA)

Experience with cloud security and containerization technologies

Knowledge of DevSecOps practices and CI/CD pipelines

Familiarity with threat modeling methodologies and risk assessment frameworks

Experience with advanced persistent threats, phishing and social engineering, network access controllers (NAC), gateway anti-malware and enhanced authentication

Key Competencies

Attention to detail and strong analytical thinking

Ability to work in a fast-paced, dynamic environment

Excellent written and verbal communication skills

Proactive approach to identifying and addressing security issues

Continuous learning mindset to stay updated on emerging security threats and technologies

The estimated salary range for this position is $115,000USD to $130,000USD. Actual salary may vary up or down depending on job-related factors which may include knowledge, skills, experience, and location. In addition, this position is eligible for incentive compensation.

#LI-EF1

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.

Confirm your E-mail: Send Email