AppSec Engineers contribute to the secure development of software applications to help protect our clients’, our employees’, and SunTrust’s sensitive data and business systems from both internal and external threats. As an individual contributor within SunTrust’s Secure Design & Engineering team, you will play an active role in defining requirements, evaluating tools and metrics, and contributing to the secure development of software that runs our business. We’re looking for sharp, motivated team players to help us strengthen our security posture to keep the bad guys out.
Works with software development teams to assure compliance with standards and best practices for secure software development. Helps developers interpret test results and apply appropriate coding mitigation/remediation. Contributes to the creation of secure development standards and associated training modules for developers. Defines requirements and leads evaluation of new software test tools. Collaborates with development process (SDLC, Agile, etc.) teams to assure cohesive integration of security practices. Applies an understanding of key business processes and practical experience to solve a range of straightforward problems innovatively. Analyzes possible solutions using experience, judgment and precedents. Works under moderate supervision.
Bachelor’s degree in and 5 years of experience in systems engineering or administration or an equivalent combination of education and work experience. In-depth knowledge in information systems and ability to identify, apply, and implement best practices. Understanding of key business processes and competitive strategies related to the IT function. Ability to plan and manage projects. Ability to solve complex problems by applying best practices. Ability to provide direction and mentor less experienced teammates. Ability to interpret and convey complex, difficult, or sensitive information.
· 4 - 6 years of experience developing and/or testing software solutions with an emphasis on secure design and implementation tactics.
· Experience with cryptography and open source software components
· Proven experience following or implementing a systems development lifecycle (agile, waterfall, DevOps, etc.)
· Development experience with C# and VB (.NET) on Windows and Java on Linux operating systems as well as popular databases (e.g. SQL, Oracle)
· Experience with SAST tools (e.g. Checkmarx, Coverity, Fortify, Veracode, WhiteHat Security)
· Experience with DAST, IAST, RASP and WAF tools
· Experience automating manual tasks using languages such as Perl, PowerShell, Python, PL/SQL, or through SOAP or RESTful APIs
· Familiarity with CVE, CWE, and CVSS identification systems
· Experience defining secure development standards
· Experience in threat modeling and architectural risk analysis
· Possess a thoughtful understanding of modern cyber security threats and relevant tactics for implementing measures to combat those threats
· Experience performing application assessments or limited penetration testing on business systems or platforms
· Ability to mentor junior cyber security teammates, enabling their growth as professionals
· Strong written and verbal communication (including presentation) skills to effectively convey or influence ideas
· Ability to provide thought leadership on multiple cyber security domains or concepts
· Bachelor's degree in computer science or management information systems and 4+ years of experience
· Banking or financial services experience
· Relevant cyber security certifications, such as CSSLP, CEH, GIAC-GWEB, CISSP, SANS, OCSP, and others are a plus
Equal Opportunity Employer: SunTrust supports a diverse workforce and is a Drug Testing and Equal Opportunity Employer. SunTrust does not discriminate against individuals on the basis of race, creed, color, gender, religion, national origin
To review the EEO Poster, copy and paste the following links into your browser:
http://www1.eeoc.gov/employers/upload/eeoc_self_print_poster.pdf
http://www.dol.gov/ofccp/regs/compliance/posters/pdf/OFCCP_EEO_Supplement_Final_JRF_QA_508c.pdf