Application Security Engineer North Dallas or Detroit Metro locations
Comerica
- Auburn Hills, MI
- Permanent
- Full-time
- Performs integration of static and dynamic code scan output into CI/CD pipeline.
- Reviews code analysis output and translates it into findings.
- Utilizes the finding management software and tracks remediations with the development teams.
- Performs development and application team education resolution training.
- Performs emerging threat and threat landscape research.
- Provides forensic cyber event analysis.
- Identifies means to reduce cyber-attack effectiveness.
- Looks for continuous improvement of detections for operationalization.
- Leads threat modeling workshops to draw out vulnerabilities.
- Champions industry standard Threat Modeling framework (such as STRIDE).
- Updates detection tools as new vulnerabilities emerge.
- Stays aware of new vulnerabilities to articulate their inner workings against Comerica's environment.
- Works closely with partners in Cyber and Technology to solve security problems.
- Serves as the escalation point for cyber incidents, events, and application vulnerability research.
- Identifies and provides guidance to mitigate threat vectors unique to the shared cyber-attack surface.
- Proactively communicates with application development teams to illustrate vulnerabilities and solutions.
- Identifies & evaluates projects, products, and solutions to enhance threat detection and other capabilities.
- Provides expert guidance on highly complex, large projects to incorporate cyber and fraud detection capabilities and considerations.
- Participates in industry working and information sharing groups.
- Keeps management informed of status of threats, the threat landscape, and current incidents and events through appropriate reporting.
- Actively participates on committees representing Cybersecurity.
- Keeps abreast of leading-edge technologies in the application security space.
- Other duties as assigned.
- Bachelor's degree from an accredited university in Computer Science, Mathematics, Information Technology, Big Data, Cyber Security or equivalent through a combination of education and/or technology experience or 12 years of technology experience
- 8 years progressive cyber security technology experience
- 5 years of experience in application security engineering
- 2 years of Static Application Security Testing (SAST) Snyk experience preferred
- 2 years of Dynamic Application Security Testing (DAST) Rapid7 experience preferred
- 2 years web application development/object-oriented programming
- 2 years working with attack vectors in OWASP top 10
- 1 year of threat modeling