Senior Application Security AnalystApply Job ID: R-006233 Date posted: 07/01/2020 Primary Location SC-Fort Mill Other Locations TX-Austin , CA-San Diego
LPL is hiring a Senior Application Security Analyst role for our Information Security team. As a senior member of the Information Security team, the Senior Application Security Analyst will be responsible for helping to develop and mature the Application Security program for the company. Application security is a top area of focus at LPL. We have incorporated key industry security best practices, technologies and integrated processes to further strengthen our defense posture. This is an exciting time to join the Information Security Vulnerability management team as we are continuing to expand the vulnerability management program. Location: Considered in Charlotte (Fort Mill), San Diego, or Austin
- Perform as a vulnerability management application security SME in the following areas: Web Applications, Mobile Applications, Databases, APIs and other domains.
- Create and maintain scan profiles for performing static, authenticated dynamic, and 3rd party library automated analysis with application scanning tools
- Review and analyze vulnerability scan static and dynamic results and track closure of vulnerabilities
- Work with Application Development teams to review potential false-positive scan results and evaluate proposed mitigating factors
- Perform manual testing of APIs and web applications to identify/validate vulnerabilities
- Produce and track application security metrics
- Support the secure development and testing of critical Advisor and Investor LPL applications
- Mentor and educate product development and quality engineers on secure development and security best practices
- Monitor and review CVEs, industry developments, and provide inputs for continuous improvement
- Work with Internal Audit, IT Governance, IT Compliance and other key stakeholder groups on specific projects
- Develop and maintain enterprise security libraries, components, best practices checklists and perform application security risk evaluation, partner with key stakeholders to further enhance application security CI/CD pipeline and continually assess security posture for improvement.
- Other duties as assigned.
- Bachelors and/or Master’s Degree or equivalent in Information Security, Engineering, Computer Science.
- 5+ years of combined Application Development and Security Engineering or Security Architecture experience
- Developer with strong application security acumen, hands on experience with security design reviews and threat modeling
- Experience using Application Security Code Scanning Tools such as Veracode and J-Frog as well as manual tools such as Burpsuite and Postman
- Knowledge of secure coding best practices, secure SDLC, secure architecture, and DevOps methodologies
- In depth understanding of OWASP Top 10 Critical Web Application Security Risks, their identification, and architecture, design, coding patterns to mitigate them
- Experience working with security of applications developed in C#, Java, and web (HTML, CSS, JS, React, REST) technologies
- Experience creating and managing policy, processes and procedure documents
- Strong analytical, interpersonal and communication skills
- Ability to train and mentor agile development teams
About LPL Financial:
LPL Financial is a leader in the retail financial advice market and the nation’s largest independent broker/dealer*. We serve independent financial advisors and financial institutions, providing them with the technology, research, clearing and compliance services, and practice management programs they need to create and grow thriving practices. LPL enables them to provide objective guidance to millions of American families seeking wealth management, retirement planning, financial planning and asset management solutions. LPL and its affiliates have more than 4,200 employees with primary offices in Boston, Charlotte, and San Diego.
*As reported by Financial Planning magazine, June 1996-2019, based on total revenue.
If you join LPL, you will join a culture that believes in delivering a world-class client experience and looks to all employees to contribute to that goal by sharing their creativity, experience, and passion for continuous improvement. As a destination of choice, our top priorities are growth and development, social responsibility, and financial health for our employees.
We offer competitive compensation and industry leading benefits, including a wellness facility with onsite fitness classes, healthy meal choices, and a walk-in clinic. We support employee financial health through a 401k match, ESPP, and employee discounts. Work/life balance is our foundation and is supported through paid holidays, and paid time off (including time to volunteer). We foster a diverse work environment through Employee Resource Groups and diverse strategic partnerships.
Join the LPL team and help us make a difference by turning life’s aspirations into financial realities. Please log in or create an account to apply to this position. Principals only. EOE.
Information on Interviews:
LPL will only communicate with a job applicant directly from an @lpl.com email address and will never conduct an interview online or in a chatroom forum. During an interview, LPL will not request any form of payment from the applicant, or information regarding an applicant’s bank or credit card. Should you have any questions regarding the application process, please contact LPL’s Human Resources Solutions Center at (800) 877-7210.