Cybersecurity Engineer

Job Description:

This engineering position is within the Application Security Tools Squad, which is a part of the Application and Infrastructure Security Product Area in the Enterprise Cybersecurity business unit.

Verizon's 2024 Data Breach Investigation Report (containing 10,000+ confirmed data breaches) states that ~70% of breaches involved exploitation of a web application. Fidelity has hundreds of web applications on the Internet that make hundreds of releases a month to production. These applications are the main point of interaction that our 40M+ customers have with Fidelity. It is crucial to Fidelity's reputation, and our customers’ livelihoods, that these applications are secure.

The Application Security Tools Squad is dedicated to delivering cutting-edge tools, libraries, and solutions that support and validate the implementation of security measures by Fidelity's vast application development community, comprising over 10,000 developers. As a team member, you will play a pivotal role in steering decisions, leading deployments, and crafting integrations with our current systems.

Our squad consists of driven and committed individuals based in Ireland, all collaborating in a dynamic, agile work environment.

The Expertise You Have

• AWS certification preferred and have working experience with cloud environments.

• Hands on experience with automation & pipeline implementation (Testing, Continuous Integration / Continuous Delivery pipeline).

• Any application security experience, including Pen Testing, Static Composition Analysis (SCA), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Web Application Firewalls (WAF) would be considered a plus.

• Experience with data processes, including but not limited to ETL, ELT, Data Modeling, and proficiency with BI tools like PowerBi, Tableau, or similar, as well as Oracle or equivalent RDBMS, is also advantageous.

The Skills You Bring

• You possess strong engineering skills and have experience deploying maintainable, scalable multi-tiered applications.

• You are capable of designing and developing tools/applications using some of the following technologies: Unix and Shell scripting; Common programming languages such as core Java, Python, etc.; Popular opensource frameworks/libraries (e.g. Spring, SpringBoot, Apache Commons, etc.); SOA and API frameworks such as SOAP and REST; Pipeline/Build tools including GIT, Maven, Jenkins, Jenkins Core, and AWS CFT/CDK; Front end languages/frameworks including JavaScript/Typescript, jQuery, Angular, NodeJS, Springboard and React a plus.

• You have experience with test automation, including solid understanding of test tools.

• You have a security architecture mentality.

• You have experience working in an agile environment (Scrum).

• Ability to communicate optimally to positively influence peers.

• Strong analytical skills and ability to tackle issues and work through ambiguous situations by making timely decisions based on facts, knowledge, experience, and judgement.

• You have a passion for continual learning and are always ready to guide, support and/or mentor other members of your team!

The Value You Deliver

• Design, develop, test, deploy and maintain SAST, SCA and secret scanning tools into the CI/CD pipeline and developer workflow tools.

• Evaluate and leverage opensource or vendor technologies, to support the Fidelity development community in eliminating application security vulnerabilities from their applications.

• Continued focus on engineering excellence, including improving automation, test coverage, release velocity and production health.

• You are a creator and a doer who will help us tackle real-life problems and meet real consumer needs.

• You have strong communication skills and technical expertise to participate in meaningful discussions.

For more like this search #SWE

Category: