IT Security Engineer

Cornerstone is seeking an experienced Security Engineer who loves a challenge, thinks creatively, inspires innovation, and demonstrates high levels of energy and commitment. We need someone with technical scripting and visualization skills to tell the security story. We need a Team Member with the desire to stay up to date on trends, advancements, and threats facing the financial services industry and the ability to work with software, infrastructure, and cloud architects to secure proposed architectural designs. If you have a strong desire to take ownership of problems and act on them independently and are comfortable working in a rapidly evolving environment and dealing with ambiguity, this position is for you.

What You'll Be Doing:

The Security Engineer is an integral member of our IT Team, providing application security in line with the technical strategy set by the IT Leadership Team. We are looking for a curious Security Engineer with a passion for decreasing risk, safeguarding data, and securing corporate ecosystems. The role is critical in our ability to secure our applications, processes, and infrastructure, allowing for the expansion of the ever-growing Cornerstone technology portfolio and will perform various functions including:

* Address legacy and emerging security issues and implement repeatable secure development practices to reduce the introduction of program design.

* Engineer for application security efforts related to authentication, authorization, encryption, logging, and code testing/analysis.

* Provide input and support for regulatory standards or control frameworks that govern Information Security practices such as NIST CSF, ISO, COBIT, PCI, and/or state and federal privacy laws.

* Manage the life cycle of assigned projects from initiation through deployment and project closure.

* Stay up to date on new security tools & techniques in the application security space.

* Provide IT Application Security support and insight for various committees throughout the business.

* Work with the product management and software engineering teams during all phases of the SDLC to ensure that applications are designed and implemented securely.

* You'll guide developers and junior application security engineers on weaknesses to avoid.

Required Experience:

* 3+ years of experience in an IT Security Engineering role

* 5+ years of experience working in coding/development of Applications and Software

* (Preferred) Related Certifications such as GIAC-GWEB, CSSLP, CASS, CEH, CISSP, CASE

* Practical skills - knowledge of full software development life cycle

* Experience working in a Scaled Agile Framework (SAFE) environment.

* Experience working in the Cloud, preferably Azure / Azure DevOps

* Application security associated with authentication, authorization, encryption, logging, and security testing

* Knowledge and integration of OWASP

* Ability to audit (not necessarily design) internal application architecture to provide insight/guidance on improvements to/confirmation of security controls

* Understanding, application, and usage of Web Application Firewalls (WAF)

* Threat modeling (would be desirable, but not a requirement)

The Team:

The IT Security Team secures the environment our team members operate in while maintaining a relatively frictionless landscape. It's via recurrent authentication and monitoring, that we strive to ensure the bearing of our enterprise. By designing and developing infrastructure security strategies, we seek to minimize exposures. By understanding the end-user experience, we recognize the necessity of balancing risk vs. the agility to innovate.

What To Do Next:

If Cornerstone sounds like the place for you (and if you have the qualifications, drive, and passion to match), we invite you to become a member of our winning team! And remember, once you're a part of our Cornerstone family, we'll continue to invest in you as an asset in our company. As many of our team members can tell you, there's something special about working at Cornerstone.