Lead Application Security Engineer
Manassas, VA

Job Description

SWIFT provides the platform, messaging, standards, and products & services to over 10.500 customers in 215 countries and territories.

Our employees are the foundation of this success.

SWIFT has an unique corporate mindset, where diversity, personal development and networking are actively encouraged. And we think you'll like our office culture, built around the way we work to achieve a healthier work/life balance.

If you want to be part of our dynamic, multi-cultural institution with over 2400 employees of 75 nationalities, in 26 offices worldwide, then explore the vast opportunities, rewards and internationally competitive packages that are waiting for you here at SWIFT.

The Global Security team is looking for a talented and dynamic information security young professional. The department itself is responsible for the logical security of the SWIFT information systems from risk management, security implementation follow up, penetration testing and security compliance.

You will be part of a multi-cultural team of security experts in areas ranging from internal security standards, risk management, cryptography, application security and penetration testing. Your main task will be as a driver to continue developing practices related to secure coding and security testing of SWIFT

This is an opportunity to work for a dynamic company recognizing security as a strategic value. You will work in a constantly evolving environment using latest technologies and will be a key contributor to protect SWIFT internal network against cyber-attacks. You will demonstrate cyber analytical skills to incident analysis, coordination and response.

Responsibilities

* As a Lead Application and Infrastructure Security Engineer, you will work within the Global Security group defining, guiding and evolving the security of SWIFT application and infrastructure


* Drive development teams strengthen secure coding practices (e.g. C, C++, Java , Perl ). This will be achieved by, for example, enhancing peer code review practices, automated code scan, delivering training to software developers.


* Provide expertise in the translation of internal and external customer requirements into technical security requirements for large and complex environments.


* Be deep on the technical side while being able to synthetize the information with the right level of abstraction for the target audience. The person will build a strong understanding of new services while possibly rationalizing them.


* As a security expert, conduct strategic analysis of security improvements. This analysis will be conducted in liaison with security architects, developers, the marketing division, customers, management and selected third party experts.


* Lead large size and complexity system risk design reviews (e.g. architecture risk assessment) and provide expert technical assistance during design activities to resolve issues ensuring design adherence.


* Proactively access external research information by developing and maintaining advanced level technical contacts by participating at security conferences


* Maintain advanced knowledge of security technologies and security of technology as well as future related industry trends.


* Assess new requests to derive budget (Capex/Opex) assumptions


* Act as resource to train and guide less senior security engineers



Qualifications

* University Degree in Computer Science, Information Systems, or a related field


* Experience: At least 8 years of relevant experience in Information Security


* Strong knowledge of application level security including secure coding and security testing practices


* Strong knowledge of security best practices in ICT infrastructure - networking, Virtualization, Linux , SQL and NSQL DB and Web app servers


* Demonstrated record of expertise in static code analyzer ( e.g. Coverity , Fortify ) including providing assistance to developers to remediate the findings


* Demonstrated record of leading proof of concepts and security technology assessments in support of application and infrastructure security projects


* Sound knowledge of security testing practices, including formalizing misuse case analysis as part of our SDLC, and defining an application level fuzzing approach.


* Prior experience with architectural risk assessment


* Ability to self-learn in fast paced technical environment.


* Agile mindset, strong analytical and communication skills.



What we offer

SWIFT Manassas is one of two offices in the Virginia area, located a short drive from Washington DC. Over 200 employees enjoy a busy social calendar with events throughout the year, as well as being heavily involved in charitable work, with partners such as United Way, Toys for Tots and more.

We offer:

* Competitive salary and bonus with exceptional benefits /100% company paid Medical/Dental/Vision/Life Insurance


* 401(k) matching


* Excellent training and career development opportunities


* Career Advancement


* 4 weeks paid vacation & 12 Public Holidays


* Friendly, professional, stable working environment where one can grow in their career


* Company Functions & Community Outreach Programs



SWIFT is an Equal Opportunity Employer