Senior Application Security Test Engineer

Job ID: 2019-24481
Primary Location: Jersey City, New Jersey
Regular/Temp: Regular
Full-Time/Part-Time: Full-Time

To all recruitment agencies: TD Ameritrade does not accept agency resumes. Please do not forward resumes to our job alias, to TD Ameritrade employees or to any other company location. TD Ameritrade is not responsible for any fees related to unsolicited resumes.

Overview

The TD Ameritrade Enterprise Quality Assurance (EQA) Group is tasked with ensuring that robust processes exist which provide confidence that the stated or implied quality requirements for TDA's software systems are met, covering both functional and non-functional aspects of quality. The Security QA Team is a core function of Enterprise QA's non-functional team and is primarily responsible for establishing and guiding the Application Security Testing Program within TD Ameritrade. These activities include penetration testing, software security scanning, vulnerability management and remediation, automation of security testing, and the education of TDA software developers and other testers in security best practices. The Security Quality Assurance Consultant reports to the Director of Security QA and works to ensure the control and protection of software, improve the software development process, and minimize defects and vulnerabilities in production software.

Responsibilities

Background and knowledge expected in the role:

- Experience leading the creation and adoption of enterprise security testing tools.
- Software development and test background, plus web application penetration testing experience.
- Experience working with development teams to define alternatives and recommend optimal solutions that meet security requirements in the design of new or enhanced systems.
- Ability to partner with, guide and inspire development teams to address security concerns.
- Holds self and others to a high standard and takes initiative to define and drive winning solutions.
- Expert knowledge of DAST solutions and techniques; familiarity with SAST solutions and techniques.
- Expert knowledge of application vulnerability types, attack vectors and remediation approaches.
- Knowledge of industry best practices for secure software development and testing and for web application security, including IAST and RASP technologies.
- Experience with continuous integration/continuous delivery processes and procedures, including implementing critical security considerations in automated workflows.
- Knowledge of web application full-stack architecture and network models.
- Demonstrated technical competency in security engineering based on hands-on experience or relevant qualifications.
- Expert understanding of the IP protocols and associated security mechanisms: TCP/IP, HTTP, SSL/TLS, PKI.
- Familiarity with well-known application security sources and standards such as OWASP, WASC and NIST.
- Experience developing security testing software to aid in testing and to automate dynamic application security testing.
- Knowledge of SaaS/PaaS/IaaS security models.
- Expert understanding of automation development and techniques.
- Ability to positively influence the behavior of peers and build relationships with other teams without direct authority over those teams.

Accountabilities:

- Assess current practices and identify and implement relevant policies to ensure state-of-the-art security testing practices.
- Mentor and help develop qualified Software QA staff, application developers and testers.
- Constantly monitor new security research findings; understand, learn and then apply new techniques, attack vectors and vulnerability types in the Security QA program at TDA.
- Determine the selection of Software QA (SQA) program elements, including supporting tools.
- Define the enterprise risk management and governance approach for SQA controls.
- Ensure the security of software produced or procured by TDA to prevent loss, inaccuracy, alteration, unavailability or misuse of data.
- Provide guidance on automation strategies to manage regression risk and improve testing throughput.
- Introduce automated testing of fixed vulnerabilities into TDA's continuous integration/continuous delivery processes and procedures.
- Support the establishment of security requirements for the software development and/or operations and maintenance (O&M) processes.
- Identify opportunities for changes to software security design patterns and reference architecture.
- Partner with the SSA team to integrate software security scanning and testing into TDA's software development, build and testing programs.
- Develop, mentor and train application developers and SQA staff in application security best practices and secure coding.
- Conduct software security testing, including penetration testing, to confirm the results of design and code analysis, investigate software behavior, and verify that the software complies with security requirements.
- Perform software-focused attack surface reviews, static code and OSS assessments, and dynamic application assessments.
- Review, inspect and walk through source code to help developers understand vulnerabilities, and advise developers on remediation.
- Develop application-specific threat models (complex to highly complex) to identify security design flaws and provide guidance on application-specific risks and controls.
- Identify security vulnerabilities resulting from security bugs, coding errors, omissions and defects.
- Introduce new technologies for vulnerability scanning and work with application developers to ensure they are integrated and used consistently.
- Define security requirements and guidelines to ensure repeatable processes.
- Design the strategy, standards and architecture for the security aspects of the SDLC, including application, mobile, web service, DevOps, cloud and CI/CD efforts.
- Provide indicators and reports used to help assess control effectiveness.
- Maintain lists of recommended secure software design patterns, reference architectures and secure software frameworks.

Requirements

- Bachelor's degree in Computer Science, Computer Engineering or a closely related IT field, or 7-10 years of equivalent experience; graduate degree preferred.
- 10 years total related experience, including 5 years of enterprise software development/testing experience.
- Strong Java programming skills, including knowledge of JSSE and other Java security features; experience with .NET/ASP/C# is also a plus.
- Working knowledge of the Java development environment, including tools and frameworks used by developers and testers (e.g. Eclipse, Spring, Jenkins, Maven, Jira, Selenium).
- Solid understanding of a variety of software security practices: secure code review, vulnerability scanning methods, threat modeling, security requirements analysis and architectural risk analysis.
- Expert knowledge of application vulnerability types, attack vectors and remediation approaches.
- Expert understanding of the IP protocols and associated security mechanisms: TCP/IP, HTTP, SSL/TLS, PKI.
- Familiarity with well-known application security sources and standards such as OWASP, WASC, NIST and CVE.
- Extensive applied knowledge of dynamic analysis tools and hacking tools.
- Experience performing software security architecture, design and requirements analysis for large-scale enterprise systems.
- Experience leading enterprise deployment of application security tools, services and controls.
- Information security and control certifications preferred (CISSP, GPEN, GWAPT, OSCP, CEH, etc.).
- Military education or experience may be considered in lieu of the civilian requirements listed.