Please Enable Cookies to Continue Please enable cookies in your browser to experience all the personalized features of this site, including the ability to apply for a job. Returning Candidate? Senior Security Engineer Location US-CA-San Marino Job ID 2020-7448 Category Other Position Type Full-Time
For more than 40 years, East West Bank has served as a pathway to success. With over 125 locations across the U.S. and Greater China, we are the premier financial bridge between the East and West. Our teams of experienced, multi - cultural professionals help guide businesses and community members on both sides of the Pacific looking to explore new markets and create new opportunities, and our sustained growth and expertise in industries like real estate, entertainment and media, private equity and venture capital, and high-tech help build sustainable businesses and expand our employees' potential for career advancement.
Headquartered in California, East West Bank (Nasdaq: EWBC) is a top performing commercial bank with an exclusive focus on the U.S. and Greater China markets. With assets of $44.2 billion, we've ranked among the 30 largest banks in the United States. And since 2010, we have been recognized by Forbes as one of the top 15 best banks in America. With a strong foundation, and enterprising spirit and a commitment to absolute integrity, East West Bank gives people the confidence to reach further.
East West Bank is currently seeking a Senior Application Security Engineer. This position will participate in establishing and maintaining a corporate wide information security management program to ensure that information assets are adequately protected.
As an East West Bank employee, you will be part of a growing and stable organization that provides career path development opportunities while serving a growing and profitable market. As a valuable East West Bank team member, your duties (not limited to) will include:
- Under the direction of the Information Security-Team Lead, develop strategies and plans to achieve application security requirements and address identified risks.
- Engage and partner with development teams to build secure web applications and achieve greater security integration in the SDLC as well as closer security incorporation with CI/CD Pipeline and provide security best practices.
- Perform web and mobile application security assessments including penetration tests as needed on internal and external applications, create reports, review results with developers and security teams, and offer solutions for remediation.
- Perform manual security code review and analysis when required.
- Implement, manage, develop and improve application security toolset to automate code scanning to identify issues early in SDLC for developers to remediate.
- Communicate application security concepts to both technical and non-technical personnel.
- Enhance application security processes and/or build new application security processes.
- Assist in the development of security architecture and security policies, principles and standards.
- Gather, analyze and assess the current and future threat landscape, and assist in providing leadership with a realistic overview of risks and threats in the enterprise environment.
- Work with business units and with other risk functions to identify security requirements, using methods that may include risk and business impact assessments.
- Perform security testing and vulnerability assessments to identify security strengths and weaknesses, to assess the effectiveness of existing controls, and to recommend remedial action.
- Perform incident management and response activities as a member of the bank’s incident management team. As required, assist in triage, response and mitigation, post mortem analyses, and forensic analyses.
- Review audit trails, system logs and other monitoring data sources regularly and ensure they are in compliance with policies and audit requirements.
- 7-10 years of IT and 3-5 AppSec/DevSecOps experience.
- Secure coding experience with one or more of the following: Python, Java, .NET,
- Familiar with defect tracking and management systems like Jira.
- Familiar with SDLC concepts such as Agile, Waterfall, CI/CD and DevSecOps
- Familiar with build systems such as Jenkins or Maven
- Familiar with IDEs Visual Studio, eclipse, or IntelliJ IDEA
- Experience with at least one of the following: IAST/SAST/DAST/RASP tools.
- Experience performing Application Security Scans and manual penetration tests with Burp Suite or comparable tools.
- In - depth knowledge of risk assessment methods and technologies
- Proficient use of various tools and techniques, including risk, business impact, control and vulnerability assessments, used to identify business needs and determine control requirements.
- Knowledge of network infrastructure, including routers, switches, firewalls and associated network protocols and concepts.
- Strong knowledge of all core internet protocols (e.g., TCP/IP, DNS, SMTP, HTTP, etc.)
- An undergraduate degree is required, preferably engineering or IT related.
- Experience with the following tools:
- WAF Technologies
- Microsoft Azure or AWS experience.
- A passion for application security and security posture improvement. Excellent technical knowledge of Microsoft Windows operating systems and a wide range of security technologies, such as network security appliances, identity and access management systems, anti- malware solutions, automated policy compliance, logging and filtering tools , and desktop security solutions.
- Experience with IDS/IPS/SIEM and related security tools and technologies, such as Splunk.
- Familiarity with router and firewall operations and maintenance.
- Ability to interact with personnel at all levels and across all business units / organizations, and to understand business imperatives.
- Experience working with security tools such as SIEM, vulnerability scanning, laptop data encryption, endpoint data protection.
Options Sorry the Share function is not working properly at this moment. Please refresh the page and try again later. Share on your newsfeed Connect With Us! Not ready to apply? for general consideration. East West Bank is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other legally protected status. Reasonable accommodations for disability are provided to applicants and employees in accordance with applicable law.
Software Powered by iCIMS