Application Security Engineer
About MUFG Investor Services
MUFG Investor Services is a trusted partner for the world's largest public and private funds, offering asset servicing and operational solutions designed for alternatives. With over $1 trillion in client assets under administration, we provide fund administration, banking, payments, fund financing, foreign exchange overlay, corporate and regulatory services, custody, business consulting, and more. Operating globally from 17 locations, we help clients mitigate risk, enhance efficiency, and navigate complex investment management landscapes. As a division of Mitsubishi UFJ Financial Group (MUFG), one of the world's largest financial institutions with approximately $3 trillion in assets, we combine deep expertise with financial strength and stability. Learn more at www.mufg-investorservices.com.
#LI-Hybrid
About the Role
We are seeking a proactive and collaborative Application Security Engineer who excels in the purple team space and champions automation. You will work closely with engineering and IT teams to enhance the security of our applications, APIs, and infrastructure by implementing preventative controls and identifying risks through security testing.
You Will:
- Act as a security champion to foster a "secure by design" approach across the business.
- Support the identification and analysis of web application security vulnerabilities across the business to reduce risk.
- Oversee the daily management of application security platforms to ensure comprehensive coverage, compliance, and remediation of findings.
- Conduct threat modeling and review application architectures to identify potential risks early in the SDLC.
- Implement application security controls and proactive measures to prevent security incidents.
- Implement and manage SAST/SCA tooling across our application repositories to identify source code risks.
- Scale automated DAST solutions across our applications to maximize testing coverage and provide visibility into runtime security posture.
- Provide security guidance and remediation advice to engineers.
- Perform penetration testing on internally developed applications to identify security defects.
- Review and assess the security of third-party vendor applications through configuration and hardening reviews.
- Validate the remediation of security issues by development teams and third parties.
- Coordinate and arrange external penetration testing assessments to independently evaluate application security.
- Build and maintain effective collaboration with development and IT teams.
You Have:
- Experience in application security, focusing on red, blue, or purple team activities.
- Experience in software development or contributions to open-source projects.
- Experience with DAST tools such as Burp Suite, OWASP ZAP, or similar.
- Experience with SAST/SCA tools such as Snyk, Veracode, Checkmarx, or similar.
- Proficiency in one or more of the following languages: Python, JavaScript, .NET, or Java.
- Well-versed in analyzing open-source and third-party library vulnerabilities.
- Strong understanding of the Software Development Life Cycle (SDLC) and agile methodologies.
- Demonstrated experience testing both REST and GraphQL APIs.
- Experience with development tools including GitLab/GitHub, Datadog, Jira, Docker, and various IDEs.
- Previous close collaboration with development and DevOps teams to resolve security issues.
- Performed security-focused code reviews to identify code-level issues.
- Experience creating custom security tooling or scripts.
Preferred:
- Experience in the financial sector or another heavily audited industry.
- Experience with cloud services, particularly AWS services like WAF, Cognito, etc.
- Experience working with Infrastructure as Code, Kubernetes, and Containers.
- Experience with authentication mechanisms like OpenID Connect, OAuth, and identity providers.
- Experience creating custom CI/CD pipeline jobs for security reviews or scans.
What's in it for you?
Join MUFG Investor Services for a career that defies expectations. Experience our vibrant CULTURE, CONNECTED TEAM, love of INNOVATION, laser CLIENT FOCUS, and next-level LEARNING & DEVELOPMENT. We are committed to HYBRID WORKING. Why settle for ordinary when you can build a Brilliantly Different career?