Principal Cybersecurity Software Engineer -Tech Lead

Job Description:

This is a principal engineering role in the new Application Security Platform Squad (part of the Application and Infrastructure Security Product Area) within the Enterprise Cybersecurity business unit. This is a new squad, building a new platform, offering the successful candidate the opportunity to build the squad and platform from the ground up.

Verizon's 2024 Data Breach Investigation Report (containing 10,000+ confirmed data breaches) states that ~70% of breaches involved exploitation of a web application. Fidelity has hundreds of web applications on the Internet that make hundreds of releases a month to production. These applications are the main point of interaction that our 40M+ customers have with Fidelity. It is crucial to Fidelity's reputation, and our customers’ livelihoods, that these applications are secure.

The focus of the Application Security Platform squad will be to improve the security and vulnerability scanning coverage, and experience, for Fidelity’s developer community, driving a “security first” culture across the enterprise. For instance, this will involve creating a centralized scanning service to integrate policy management and security profiling into the developer workflow.

The Expertise You Have

• 8+ years of demonstrated experience in designing and developing enterprise-standard applications using one or more major programming languages (e.g. Java/Python/Go), frameworks (Spring, Apache Commons, Angular) and pipeline/build tools (e.g. Maven, Git, Jenkins, AWS CFT/CDK)

• Experience building scalable applications on Kubernetes, or similar platforms

• Experience providing technical leadership, mentoring & coaching to less experienced engineers.

• AWS certification preferred and have working experience with cloud environments.

• Any application security experience, including Pen Testing, Static Composition Analysis (SCA), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Web Application Firewalls (WAF) would be considered a plus.

• Experience with unit and functional testing with tools such as JUnit, PyUnit, Mockito, Cucumber, Karate, Cypress or similar

• Hands on experience with automation & pipeline implementation (Testing, Continuous Integration / Continuous Delivery pipeline).

The Skills You Bring

• You possess strong engineering skills and have experience deploying maintainable, scalable multi-tiered applications.

• You are capable of designing and developing tools/applications using some of the following technologies: Java; Popular opensource frameworks/libraries (e.g. Spring, SpringBoot, Apache Commons, etc.); SOA and API frameworks such as SOAP and REST; Pipeline/Build tools including GIT, Maven, Jenkins, and AWS CFT/CDK; Front end languages/frameworks including JavaScript/Typescript, jQuery, Angular, NodeJS, Springboard or React a plus.

• You have experience with test automation, including solid understanding of test tools.

• You have experience working in an agile environment (Scrum).

• Ability to communicate optimally to positively influence peers, business unit and technology decision makers.

• Strong analytical skills and ability to tackle issues and work through ambiguous situations by making timely decisions based on facts, knowledge, experience, and judgement.

• You have a passion for continual learning and are always ready to guide, support and/or mentor other members of your team!

The Value You Deliver

• Design, develop, test, deploy and maintain SAST, SCA and secret scanning tools into the CI/CD pipeline and developer workflow tools.

• Continued focus on engineering excellence, including improving automation, test coverage, release velocity and production health.

• You are a creator and a doer who will help us tackle real-life problems and meet real consumer needs.

• You have strong communication skills and technical expertise to drive and participate in meaningful discussions. You are a collaborative team-player in an autonomous team, owning all aspects of delivery (coding, quality, DevSecOps). You build relationships with key business partners and quickly establish trust to ensure effective delivery.

• You clearly detail requirements, and system designs in a way that can be understood by both technical and non-technical individuals.

For more like this search #Cyber or #SWE

Category: