This job listing has expired and the position may no longer be open for hire.

Senior Security Engineer at FINRA in Rockville, Maryland

Posted in General Business 30+ days ago.

Type: Full-Time





Job Description:

The Application Security Risk Manager (ASRM) is responsible for managing the organization’s information security risks, ensuring that security risks affecting the organization are known, evaluated for significance, appropriately communicated, and effectively addressed through the application of appropriate security controls and processes. The ASRM manages the security risk register and champions the timely resolution of security risks.

Essential Job Functions:


  • Solid Java Knowledge, and ideally at least historical Development Skills; e.g. a good understanding Core Java and relevant frameworks (e.g. Spring, Hibernate,).

  • Strong desire to make Security their career path

  • Strong understanding of both Web Application and Web Service architectures, as well as associated protocols

  • Application Security (AppSec) domain knowledge/experience, with knowledge of most common vulns; in order of preference:

  • Manual source code review

  • Experience analyzing DAST/SAST scan results (not just running the tools); Ideally with AppScan and Checkmarx

  •  Application penetration testing; ideally with BurpSuite

  • Web Application Firewall (WAF) knowledge/experience

  • Networking fundamentals (ideally security-centric) Basic understanding of Cloud Computing (AWS strongly preferred

Highly Desired:


  • AWS Development Skills (e.g. ideally not just AWS Console access, but API level exposures) OR solid AWS Security knowledge; possibly with AWS certification.

  • Python Knowledge + Development Skills

  • Relevant Credentials, such as (Masters in Cybersecurity, OSCP, CEH, AWS Security (Specialty), AWS Solution Architect (Associate or Professional), …)

  • Capture the Flag (CTF) / red team exercise experiences.

Desired:

  • Selenium testing automation

Education/Experience Requirements:


  • Bachelor’s degree in Computer Science, Information Systems or related discipline with at least five (5) years of related experience, or equivalent training and/or work experience.

  • Experience must include direct experience in several of the key areas listed: securing networks and systems architecture, design and implementation, secure software assurance, intrusion detection, defense and incident response, security configuration management, access controls design and implementation and security policy and standards development.

  • In-depth knowledge of one or more communications protocols.

  • Experience with more than one Cyber Security tools, including: Configuration Assessment, Log Aggregation, Integrity Verification, Web Application Security Testing, Network Access Control System, Network Intrusion prevention systems, and Endpoint Security Solutions.

  • Strong written and verbal technical communication skills.

  • Demonstrated ability to develop effective working relationships that improved the quality of work products.

  • Should be well organized, thorough, and able to handle competing priorities.

  • Ability to maintain focus and develop proficiency in new skills rapidly.

  • Ability to work in a fast paced environment.

  • In-depth knowledge of more than one Information Security principle and discipline.

Work Conditions:


  • Work is normally performed in an office environment.

  • Occasional travel and extended hours may be required.

To be considered for this position, please submit an application.

The information provided above has been designed to indicate the general nature and level of work of the position. It is not a comprehensive inventory of all duties, responsibilities and qualifications required.

Please note: If the “Apply Now” button on a job board posting does not take you directly to the FINRA Careers site, enter www.finra.org/careers into your browser to reach our site directly.

FINRA strives to make our career site accessible to all users. If you need a disability-related accommodation for completing the application process, please contact FINRA’s accommodation help line at 240.386.4865. Please note that this number is exclusively for inquiries regarding application accommodations.

In addition to a competitive salary, comprehensive health and welfare benefits, and incentive compensation, FINRA offers immediate participation and vesting in a 401(k) plan with company match. You will also be eligible for participation in an additional FINRA-funded retirement contribution, our tuition reimbursement program and many other benefits. If you would like to contribute to our important mission and work collegially in a professional organization that values intelligence, integrity and initiative, consider a career with FINRA.

Important Information

FINRA’s Code of Conduct imposes restrictions on employees’ investments and requires financial disclosures that are uniquely related to our role as a securities regulator. FINRA employees are required to disclose to FINRA all brokerage accounts that they maintain, and those in which they control trading or have a financial interest (including any trust account of which they are a trustee or beneficiary and all accounts of a spouse, domestic partner or minor child who lives with the employee) and to authorize their broker-dealers to provide FINRA with duplicate statements for all of those accounts. All of those accounts are subject to the Code’s investment and securities account restrictions, and new employees must comply with those investment restrictions—including disposing of any security issued by a company on FINRA’s Prohibited Company List or obtaining a written waiver from their Executive Vice President—by the date they begin employment with FINRA. Employees may only maintain securities accounts that must be disclosed to FINRA at one or more securities firms that provide an electronic feed (e-feed) of data to FINRA, and must move securities accounts from other securities firms to a firm that provides an e-feed within three months of beginning employment.

You can read more about these restrictions here.

As standard practice, employees must also execute FINRA’s Employee Confidentiality and Invention Assignment Agreement without qualification or modification and comply with the company’s policy on nepotism.

Search Firm Representatives

Please be advised that FINRA is not seeking assistance or accepting unsolicited resumes from search firms for this employment opportunity. Regardless of past practice, a valid written agreement and task order must be in place before any resumes are submitted to FINRA. All resumes submitted by search firms to any employee at FINRA without a valid written agreement and task order in place will be deemed the sole property of FINRA and no fee will be paid in the event that person is hired by FINRA.

FINRA is an Equal Opportunity and Affirmative Action Employer

All qualified applicants will receive consideration for employment without regard to age, citizenship status, color, disability, marital status, national origin, race, religion, sex, sexual orientation, gender identity, veteran status or any other classification protected by federal state or local laws as appropriate, or upon the protected status of the person’s relatives, friends or associates.

FINRA abides by the requirements of 41 CFR 60-741.5(a). This regulation prohibits discrimination against qualified individuals on the basis of disability, and requires affirmative action by covered prime contractors and subcontractors to employ and advance in employment qualified individuals with disabilities.

FINRA abides by the requirements of 41 CFR 60-300.5(a). This regulation prohibits discrimination against qualified protected veterans, and requires affirmative action by covered prime contractors and subcontractors to employ and advance in employment qualified protected veterans.

©2020 FINRA. All rights reserved. FINRA is a registered trademark of the Financial Industry Regulatory Authority, Inc.