Type: Full-Time
Overview
In this role, you will provide security and controls assessment for new and existing applications, platforms, and systems within the Secure Software Development Lifecycle (SSDLC). You will perform automated and manual application security testing on T. Rowe Price IT systems and escalate security risks and technology defects promptly to technology management for evaluation and treatment.
Role summary and job responsibilities
You will function as a domain authority for secure development practices and ensure they are known and adhered to throughout the enterprise.
Lead web application penetration tests to discover OWASP Top 10 style vulnerabilities.
Provide advice and solutions to software development, engineering, and business teams to convey findings and risk, leading discussions on remediation strategies and risk assessment.
Lead the execution of SSDLC activities, serving as an SME on all types of testing and assessment of applications, platforms, and systems, as well as on overall strategy.
Identify non-obvious relationships and anomalies in technology stacks that are often overlooked by others.
Apply lessons learned from each engagement to the overall SSDLC process, improving efficiencies and capabilities with the knowledge gained.
Provide feedback and mentoring to team members and technology teams, and may directly lead small teams.
Other duties as assigned.
Knowledge
Solid knowledge of application architecture and layer 7 protocols.
Familiar with modern web app compromise methodology and kill chains.
Familiar with modern web application development frameworks.
Familiar with full stack cloud development such as containers, IAM policies, security groups, VPCs, infrastructure as code, etc.
Articulates broader business concerns and/or regulatory landscape, including key risks and controls (e.g., GDPR, MIFID, SOX, SOC1, SOC2).
Makes decisions that are cognizant of the firm’s broader security and technology strategies.
Requirements
Typically requires 5+ years of relevant experience.
Knowledge of and technical familiarity with cutting-edge industry trends and technologies, and knows when, how, and whether to apply them appropriately.
Defines security testing strategy for products and ensures alignment to strategy.
Knows and can implement modern software testing techniques (e.g. static application security testing (SAST), dynamic application security testing (DAST), interactive application security testing (IAST), etc.).
Expert understanding of modern authentication and authorization techniques and technologies.
Skilled in automating manual tasks and enabling customer self-service.
Advanced certifications such as OSCP/OSWE preferred.
Job Family: Security Assessment Engineering
Track: Knowledge Management (KM)
Level: 4
T. Rowe Price is committed to providing our associates with a comprehensive total rewards benefit program, including wellness, retirement and quality-of-life benefits. Please view What We Offer to see what's available to you.
The Judge Group Inc. | T. Rowe Price