CICD Engineer Vice President
CICD Engineer Vice President
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Job Description
SMBC Group is a top-tier global financial group. Headquartered in Tokyo and with a 400-year history SMBC Group offers a diverse range of financial services including banking leasing securities credit cards and consumer finance. The Group has more than 130 offices and 80000 employees worldwide in nearly 40 countries. Sumitomo Mitsui Financial Group Inc. (SMFG) is the holding company of SMBC Group which is one of the three largest banking groups in Japan. SMFGs shares trade on the Tokyo Nagoya and New York (NYSE: SMFG) stock exchanges.
In the Americas SMBC Group has a presence in the US Canada Mexico Brazil Chile Colombia and Peru. Backed by the capital strength of SMBC Group and the value of its relationships in Asia the Group offers a range of commercial and investment banking services to its corporate institutional and municipal clients. It connects a diverse client base to local markets and the organizations extensive global network. The Groups operating companies in the Americas include Sumitomo Mitsui Banking Corp. (SMBC) SMBC Nikko Securities America Inc. SMBC Capital Markets Inc. SMBC MANUBANK JRI America Inc. SMBC Leasing and Finance Inc. Banco Sumitomo Mitsui Brasileiro S.A. and Sumitomo Mitsui Finance and Leasing Co. Ltd.
The anticipated salary range for this role is between $143000.00and $185000.00. The specific salary offered to an applicant will be based on their individual qualifications experiences and an analysis of the current compensation paid in their geography and the market for similar roles at the time of hire. The role may also be eligible for an annual discretionary incentive addition to cash compensation SMBC offers a competitive portfolio of benefits to its employees.
Role Description
The Senior CI CD Security Engineer will be responsible for operating and maintaining a vendor SAST and SCA tool which scans our in-house developed software for application security vulnerabilities. The candidate should have a strong knowledge of application security processes CICD processes and tools and SAST SCA SBOM. Acts as a subject matter expert who uses expertise to resolve complex problems in consideration of established policies guidelines or processes. Reports to SMBC AD Head of Application Security.
Role Objectives
- Strong ability to work with stakeholders and being able to explain code issues and fixes to development community.
- Ensure the SAST/SCA code scanning tool is operating effectively on a daily basis
- Manage license utilization across the entire organization and report to management periodically on utilization especially as it nears our contracted limits
- Work with vendor representatives to resolve problems and manage contracts and renewals
- Escalate functionality and security issues to management and own those issues through resolution
- Interface with development and security architecture teams on topics related to application security for example vulnerability remediation best practices threat modeling etc.
- Interface with the vulnerability management team to ensure vulnerabilities identified are reported and validated according to SLAs
- Some manual testing activities validate vulnerability or penetration testing findings
- Weekend and night work may be needed at times based on project support and business needs
Qualifications and Skills
- 7 years of experience as a Application Security analyst or Application Penetration Testing analyst
- Expertise with programming languages C# C Java
- Ability to read and understand code deficiencies
- Experience in developing and maturing CI/CD pipeline with respect to code quality and detecting vulnerabilities.
- 4 years of experience with Static Application Security Testing (SAST) or Dynamic App Security Testing (DAST)
- 2 years of experience with container security issues and container technologies
- Through understanding of the components of the Secure Software Development Lifecycle
- Strong knowledge of OWASP Top 10 or CWE
- Understanding of common software threats and mitigations
- Must be process and detail oriented ability to create detailed process documentation
- Experience with Jira/Confluence
- Bug Bounty and/or penetration testing experience a bonus
#LI-JC2
Additional Requirements
SMBCs employees participate in a Hybrid workforce model that provides employees with an opportunity to work from home as well as from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location. Prospective candidates will learn more about their specific hybrid work schedule during their interview process. Hybrid work may not be permitted for certain roles including for example certain FINRA-registered roles for which in-office attendance for the entire workweek is required.
SMBC provides reasonable accommodations during candidacy for applicants with disabilities consistent with applicable federal state and local law. If you need a reasonable accommodation during the application process please let us know at
Required Experience:
Exec
Employment Type
Full Time
