Skip Navigation
The health and safety of our employees and candidates is very important to us. Due to the current situation related to the Novel Coronavirus (COVID-19), we’re leveraging our digital capabilities to ensure we can continue to recruit top talent at LPL Financial.As your application progresses, you may be asked to use one of our digital tools to help you through your recruitment journey. If so, one of our recruiters will explain what type of interviewing technology will be used throughout the recruitment process and will be on hand to answer any questions that you have. You can also email us at LPLFinancialHiring@lplfinancial.com.
Search LPL Jobs

Search LPL Jobs

View All Current Opportunities at LPL Financial

Senior Application Security Engineer

Job ID: R-023080 Date posted: 05/12/2022 Primary Location SC-Remote Other Locations TX-Austin , SD-Remote , TX-Remote ,CA-San Diego

Are you a team player? Are you curious to learn? Are you interested in working in meaningful projects? Do you want to work with cutting-edge technology? Are you interested in being part of a team that is working to transform and do things differently? If so, LPL Financial is the place for you!

LPL Financial (Nasdaq: LPLA) was founded on the principle that the firm should work for the advisor, and not the other way around. Today, LPL is a leader* in the markets we serve, supporting more than 18,000 financial advisors, 800 institution-based investment programs and 450 independent RIA firms nationwide. We are steadfast in our commitment to the advisor-centered model and the belief that Americans deserve access to personalized guidance from a financial advisor. At LPL, independence means that advisors have the freedom they deserve to choose the business model, services, and technology resources that allow them to run their perfect practice. And they have the freedom to manage their client relationships, because they know their clients best. Simply put, we take care of our advisors, so they can take care of their clients.

Job Overview:

LPL is hiring a Senior Application Security Engineer role for our Information Security team.

As a senior member of the Information Security team, the Senior Application Security Engineer will be responsible for helping to develop, mature, and sustain the Application Security program for the company.  Application security is a top area of focus at LPL. We have incorporated key industry security best practices, technologies and integrated processes to further strengthen our defense posture. This is an exciting time to join the Information Security Vulnerability management team as we are continuing to expand the Application Security program. 

Responsibilities:

  • Perform as an application security SME in the following areas: Web Applications, Mobile Applications, Databases, APIs, Containers and other domains.

  • Support and maintain application security testing platforms and develop integrations with automation platforms

  • Create and maintain scan profiles for performing static, authenticated dynamic, IAST, and 3rd party library automated analysis with application scanning tools

  • Review and analyze vulnerability scan results and track closure of vulnerabilities

  • Work with Application Development teams to review potential false-positive scan results and evaluate proposed mitigating factors

  • Perform manual testing of APIs and web applications to identify/validate vulnerabilities

  • Produce and track application security metrics

  • Support the secure development and testing of critical Advisor and Investor LPL applications

  • Mentor and educate product development and quality engineers on secure development and security best practices

  • Monitor and review CVEs, industry developments, and provide inputs for continuous improvement

  • Work with Internal Audit, IT Governance, IT Compliance and other key stakeholder groups on specific projects

  • Develop and maintain enterprise security libraries, components, best practices checklists and perform application security risk evaluation, partner with key stakeholders to further enhance application security CI/CD pipeline and continually assess security posture for improvement.

  • Other duties as assigned.

What are we looking for?

We want strong collaborators who can deliver a world-class client experience. We are looking for people who thrive in a fast-paced environment, are client-focused, team oriented, and are able to execute in a way that encourages creativity and continuous improvement.

Requirements:

  • Bachelor’s Degree or equivalent in Information Security, Engineering, Computer Science.

  • 5+ years of combined Application Development and Security Engineering or Security Architecture experience

  • 5 + years of experience using Application Security Code Scanning Tools such as Veracode and J-Frog as well as manual tools such as Burpsuite and Postman

  • 5 + years of experience working with security of applications developed in C#, Java, and web (HTML, CSS, JS, React, REST) technologies

Core Competencies:

  • In depth understanding of OWASP Top 10 Critical Web Application Security Risks, their identification, and architecture, design, coding patterns to mitigate them

  • Developer with strong application security acumen, hands on experience with security design reviews and threat modeling

  • Knowledge of secure coding best practices, secure SDLC, secure architecture, and DevSecOps methodologies

  • Experience creating and managing policy, processes and procedure documents

  • Strong analytical, interpersonal and communication skills

  • Ability to train and mentor agile development teams

Preferences:

  • Experience at a financial services/technology company or in a regulated industry.

  • Ability to communicate with both technical and non-technical stakeholders at all levels of the organization.

  • Experience working with DevSecOps and CI/CD pipelines

Why LPL? 

At LPL, we believe that objective financial guidance is a fundamental need for everyone. As the nation’s leading independent broker-dealer, we offer an integrated platform of proprietary technology, brokerage, and investment advisor services. We provide you with a work environment that encourages your creativity and growth, a leadership team that is supportive and responsive, and the opportunity to create a career that has no limits, only amazing potential.

We are one team on one mission. We take care of our advisors, so they can take care of their clients.

Because our company is not too big and not too small, you can seize the opportunity to make a real impact. We are committed to supporting workplace equality, and we embrace the different perspectives and backgrounds of our employees.We also care for our communities, and we encourage our employees to do the same. This creates an environment in which you can do your best work.

Want to hear from our employees on what it’s like to work at LPL?  Watch this!

We take social responsibility seriously. Learn more here

Want to see info on our benefits?  Learn more here

Join the LPL team and help us make a difference by turning life’s aspirations into financial realities. Please log in or create an account to apply to this position. Principals only. EOE.

Information on Interviews:

LPL will only communicate with a job applicant directly from an @lplfinancial.com email address and will never conduct an interview online or in a chatroom forum.  During an interview, LPL will not request any form of payment from the applicant, or information regarding an applicant’s bank or credit card.  Should you have any questions regarding the application process, please contact LPL’s Human Resources Solutions Center at (800) 877-7210.

Sign Up for LPL's Talent Community

If you’d like to receive recruiter outreach, news and information from LPL Financial, as well as details on current opportunities that match your preferences and interests, please sign up below.

Area(s) of InterestSelect a job category from the list of options. Search for a location and select one from the list of suggestions. Finally, click “Add” to create your job alert.

  • Information Technology, South Carolina, United StatesRemove
  • Information Technology, Austin, Texas, United StatesRemove
  • Information Technology, San Diego, California, United StatesRemove