Santander US Senior Associate, Application Security in Dallas, Texas
Summary of Responsibilities:
The Sr. Associate, Information security (Application Security) serves in a technical capacity to ensure software meets company standards. This includes providing assistance during the entire Secure SDLC process including risk assessments, threat modeling, code analysis, security testing, developer training and recommendations for remediating issues.
Ensures that security best practices are follow through all stages of Secure SDLC
Review software systems for design flaws including reviewing software architecture
Perform security testing including SAST/DAST as well as penetration testing
Provides direction and acts as an escalation point on projects and issues to other team members.
Interacts with partners as needed to explain work product, security techniques, methodology and results to ensure appropriate business value.
Acts as senior resource for incident response related activities. Collaborates with technical teams for security incident remediation and communication.
Acts as influencer of peers and management.
Oversees management and deployment of security infrastructure including SAST, DAST and open source scanning tools
Provides technical security consulting support to address complex business and technology projects and requests.
Contributes to strategic planning to evaluate, deploy or update security technologies.
Analyzes and implements security solutions to meet customer requirements.
Conducts risk assessments to evaluate the effectiveness of existing controls and determine the impact of proposed changes to business processes, applications and systems.
Promotes cross-department collaboration and communication to ensure appropriate processes, procedures and tools are installed, monitored, and effectively operating and alerting.
Allocates and prioritizes security resources efficiently within the organization managing both resources and budgets.
Conducts security research on threats and remediation methods.
Develops and maintains a set of operational and forward-looking security metrics.
Conducts proof of concepts, vendor comparisons and recommend solutions in line with business requirements.
Oversees daily monitoring of security reports to identify issues and follow these issues to resolution.
Oversees security projects and the security testing of new and existing applications.
Prepares system security reports by collecting, analyzing, and summarizing data and trends; presents reporting for management review.
Creates process improvement by identifying inefficiencies and solutions for process improvements.
Writes clear implementation guidelines for the implementation engineers.
Guides and confirms that the design has been implemented as per the requirements.
Updates job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations.
Acts as a subject matter expert (SME) while providing leadership, guidance, and mentorship to other team members.
Other duties as assigned.
At Santander, we value and respect differences in our workforce and strive to increase the diversity of our teams. We actively encourage everyone to apply.
Bachelor's Degree: Computer Science or equivalent major.
or equivalent work experience
9-12 years’ Experience in IT Security.
Working as a software developer, application security engineer or security architect.
Experience coding or code review in Java, .NET or another similar OOO language
Experience with SAST and DAST tools such as Fortify, Veracode, Appscan.
Strong knowledge of PCI, SOX, ISO and NIST security standards.
Experience with managing enterprise security projects.
Experience with penetration testing.
Skills & Abilities -
Strong understanding of OWASP top 10 and remediation of issues
Knowledge of web applications and services including restful web services
Understanding of modern OOO languages such as Java or .NET
Knowledge of risk assessment tools, technologies, and methods
Experience planning, researching and developing security strategies, standards, and procedures
Exceptional organizational skills and attention to details to work cooperatively in a team environment
Ability to work cooperatively in a team environment
Strong understanding of application security and/or software development
Proven ability to understand and analyze complex issues, then apply experience and judgment to develop sound recommendations especially as related to software design and development
Ability to communicate concisely, effectively and directly to executive management
Proven relationship building skills working with mid to senior level management and cross-functional teams; strong understands risks; additional focus on leadership; strong interpersonal skills; delivers precise, accurate results to meet commitments; mentors other team members
Demonstrated presentation development; tailors message as needed; comfortable presenting to all levels; strong writing skills; demonstrates creativity in articulating messages that support recommendations
Licenses & Certifications -
Certifications in application security a plus
Certifications in penetration testing a plus
Vendor security certifications or project management certification, a plus
Frequently: Minimal physical effort such as sitting, standing, and walking.
Occasional moving and lifting of equipment and furniture is required to support onsite and offsite meeting setup and teardown.
Physically capable of lifting up to fifty pounds, able to bend, kneel, climb ladders.
This job description does not list all the duties of the job. You may be asked by your supervisors or managers to perform other duties. You will be evaluated in part based upon your performance of the tasks listed in this job description.
The employer has the right to revise this job description at any time. This job description is not a contract for employment, and either you or the employer may terminate employment at any time, for any reason.
Employees desiring consideration should complete an online application, utilizing the appropriate process as subscribed by the posting entity. Employees should provide all pertinent information to support their candidacy.
To be considered eligible for internal posting, Santander employees must meet all of the following eligibility requirements:
Completion of at least one year of active service in Santander
Completion of at least twelve months in current position
Be in "Good Standing"
Please click here to see the full policy- https://tbcdn.talentbrew.com/company/1771/internal_v2_0/img/eligibility.pdf
AN EQUAL OPPORTUNITY EMPLOYER M/F/Vet/Disabled/SO
- Santander US Jobs