If you’re looking for a meaningful career, you’ll find it here at Webster. Founded in 1935, our focus has always been to put people first--doing whatever we can to help individuals, families, businesses and our colleagues achieve their financial goals. As a leading commercial bank, we remain passionate about serving our clients and supporting our communities. Integrity, Collaboration, Accountability, Agility, Respect, Excellence are Webster’s values, these set us apart as a bank and as an employer.
Come join our team where you can expand your career potential, benefit from our robust development opportunities, and enjoy meaningful work!
As an Application Security Engineer, you will play a vital role in safeguarding our organization's applications and data. Your expertise will help us maintain a robust security posture and ensure the trust of our users and stakeholders.
The primary function for this position is to ensure that applications and services are secured and implemented with best security practices. As an Application Security Engineer, you will be responsible for designing, implementing, and maintaining security measures for our organization's applications and software systems. You will work closely with development teams to integrate security practices throughout the software development lifecycle (SDLC) and ensure that our applications are protected against potential threats and vulnerabilities. You will help manage the application security program, define standards, policies, and procedures, and coordinate with engineering teams to implement and maintain security platforms.
Key Responsibilities
Security Assessment and Implementation
Conduct security-focused code reviews and application security assessments
Perform threat modeling and risk assessments for new and existing applications
Implement and maintain security controls, including authentication, authorization, and encryption mechanisms
Develop and oversee secure code analysis programs in conjunction with development teams
Vulnerability Management
Identify and assess security vulnerabilities in applications and systems
Lead the remediation of application vulnerabilities discovered through scanning and security testing
Help manage the organization's vulnerability intake and remediation process
Collaboration and Guidance
Work closely with development teams to integrate security best practices into the SDLC
Provide guidance and training on secure coding practices and application security
Collaborate with IT professionals to harden systems and applications
Security Architecture and Design
Assist in designing secure application architectures and infrastructure[
Evaluate and provide recommendations on third-party applications and services
Contribute to the development of security policies, standards, processes, and procedures
Continuous Improvement and Research
Stay up-to-date with the latest security threats, trends, and countermeasures
Research and analyze application behaviors to improve security and stability
Contribute to the evolution of the organization's application security functions and services
Required Qualifications
Bachelor's degree in Computer Science, Information Security, or a related field
5+ years of experience in cybersecurity, application security, or a similar IT role
Strong understanding in security engineering, system and network security, authentication and security protocols, cryptography, and application security
Strong understanding of web application security, including OWASP Top 10 vulnerabilities
Proficiency in secure coding practices and common programming languages (e.g., .NET, Java, Python)
Experience with security testing tools and methodologies (e.g., SAST, SCA, DAST, penetration testing)
Familiarity with compliance regulations and industry security standards
Excellent problem-solving and analytical skills
Strong communication skills and ability to work effectively in cross-functional teams
Preferred Qualifications
Relevant security certifications (e.g., CISSP, GIAC, CCNA)
Experience with cloud security and containerization technologies
Knowledge of DevSecOps practices and CI/CD pipelines
Familiarity with threat modeling methodologies and risk assessment frameworks
Experience with advanced persistent threats, phishing and social engineering, network access controllers (NAC), gateway anti-malware and enhanced authentication
Key Competencies
Attention to detail and strong analytical thinking
Ability to work in a fast-paced, dynamic environment
Excellent written and verbal communication skills
Proactive approach to identifying and addressing security issues
Continuous learning mindset to stay updated on emerging security threats and technologies
The estimated salary range for this position is $115,000USD to $130,000USD. Actual salary may vary up or down depending on job-related factors which may include knowledge, skills, experience, and location. In addition, this position is eligible for incentive compensation.
#LI-EF1
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.
