Senior Application Security Engineer
Job ID: R-023080
Date posted: 05/12/2022
Primary Location: SC-Remote
Other Locations: TX-Austin, SD-Remote, TX-Remote, CA-San Diego
Are you a team player? Are you curious to learn? Are you interested in working on meaningful projects? Do you want to work with cutting-edge technology? Are you interested in being part of a team that is working to transform and do things differently? If so, LPL Financial is the place for you!
LPL Financial (Nasdaq: LPLA) was founded on the principle that the firm should work for the advisor, and not the other way around. Today, LPL is a leader* in the markets we serve, supporting more than 18,000 financial advisors, 800 institution-based investment programs and 450 independent RIA firms nationwide. We are steadfast in our commitment to the advisor-centered model and the belief that Americans deserve access to personalized guidance from a financial advisor. At LPL, independence means that advisors have the freedom they deserve to choose the business model, services, and technology resources that allow them to run their perfect practice. And they have the freedom to manage their client relationships, because they know their clients best. Simply put, we take care of our advisors, so they can take care of their clients.
LPL is hiring a Senior Application Security Engineer for our Information Security team.
As a senior member of the Information Security team, the Senior Application Security Engineer will be responsible for helping to develop, mature, and sustain the Application Security program for the company. Application security is a top area of focus at LPL. We have incorporated key industry security best practices, technologies and integrated processes to further strengthen our defense posture. This is an exciting time to join the Information Security Vulnerability management team as we are continuing to expand the Application Security program.
Perform as an application security SME in the following areas: Web Applications, Mobile Applications, Databases, APIs, Containers and other domains.
Support and maintain application security testing platforms and develop integrations with automation platforms
Create and maintain scan profiles for performing static, authenticated dynamic, IAST, and 3rd party library automated analysis with application scanning tools
Review and analyze vulnerability scan results and track closure of vulnerabilities
Work with Application Development teams to review potential false-positive scan results and evaluate proposed mitigating factors
Perform manual testing of APIs and web applications to identify/validate vulnerabilities
Produce and track application security metrics
Support the secure development and testing of critical Advisor and Investor LPL applications
Mentor and educate product development and quality engineers on secure development and security best practices
Monitor and review CVEs and industry developments, and provide input for continuous improvement
Work with Internal Audit, IT Governance, IT Compliance and other key stakeholder groups on specific projects
Develop and maintain enterprise security libraries, components, and best-practice checklists; perform application security risk evaluations; partner with key stakeholders to further enhance the application security CI/CD pipeline; and continually assess security posture for improvement.
Other duties as assigned.
What are we looking for?
We want strong collaborators who can deliver a world-class client experience. We are looking for people who thrive in a fast-paced environment, are client-focused, team oriented, and are able to execute in a way that encourages creativity and continuous improvement.
Bachelor’s Degree or equivalent in Information Security, Engineering, Computer Science.
5+ years of combined Application Development and Security Engineering or Security Architecture experience
5+ years of experience using Application Security Code Scanning Tools such as Veracode and JFrog as well as manual tools such as Burp Suite and Postman
5+ years of experience working with security of applications developed in C#, Java, and web (HTML, CSS, JS, React, REST) technologies
In-depth understanding of the OWASP Top 10 Critical Web Application Security Risks, their identification, and the architecture, design, and coding patterns to mitigate them
Developer with strong application security acumen and hands-on experience with security design reviews and threat modeling
Knowledge of secure coding best practices, secure SDLC, secure architecture, and DevSecOps methodologies
Experience creating and managing policy, process, and procedure documents
Strong analytical, interpersonal and communication skills
Ability to train and mentor agile development teams
Experience at a financial services/technology company or in a regulated industry.
Ability to communicate with both technical and non-technical stakeholders at all levels of the organization.
Experience working with DevSecOps and CI/CD pipelines
At LPL, we believe that objective financial guidance is a fundamental need for everyone. As the nation’s leading independent broker-dealer, we offer an integrated platform of proprietary technology, brokerage, and investment advisor services. We provide you with a work environment that encourages your creativity and growth, a leadership team that is supportive and responsive, and the opportunity to create a career that has no limits, only amazing potential.
We are one team on one mission. We take care of our advisors, so they can take care of their clients.
Because our company is not too big and not too small, you can seize the opportunity to make a real impact. We are committed to supporting workplace equality, and we embrace the different perspectives and backgrounds of our employees. We also care for our communities, and we encourage our employees to do the same. This creates an environment in which you can do your best work.
Join the LPL team and help us make a difference by turning life’s aspirations into financial realities. Please log in or create an account to apply to this position. Principals only. EOE.
Information on Interviews:
LPL will only communicate with a job applicant directly from an @lplfinancial.com email address and will never conduct an interview online or in a chatroom forum. During an interview, LPL will not request any form of payment from the applicant, or information regarding an applicant’s bank or credit card. Should you have any questions regarding the application process, please contact LPL’s Human Resources Solutions Center at (800) 877-7210.