Application Security Engineer
Austin – Austin, TX 78701 US
New York – New York, NY 10016 US
Norwalk – Norwalk, CT 06851 US (Primary)
FactSet is a financial data and software company headquartered in Norwalk, CT with offices in 35 locations worldwide. As a global provider of financial information and analytics, FactSet helps the world’s best investment professionals outperform. More than 87,500 users stay ahead of global market trends, access extensive company and industry intelligence, and monitor performance with FactSet’s desktop analytics, mobile applications, and comprehensive data feeds. As of February 28, 2018, annual subscription value reached $1.3 billion and headcount passed 9,000.
FactSet was ranked #89 on FORTUNE’s 100 Best Places to Work list in 2016 and has consistently been recognized as a great workplace by leading publications.
FactSet is currently seeking an Application Security Engineer, experienced in application security testing and architecture, to join the global Security team. You will work with stakeholders and internal clients in Software Engineering, Systems Engineering, and Product Development to securely design, develop, test, and deploy products.
Identify potential risks, threats, vulnerabilities and exploits through architecture review, threat modeling, secure code review, and penetration testing
Define information security policies and standards that support secure coding practices
Develop tools to support the automation of security testing and more efficiently discover, track, and resolve security vulnerabilities
Educate employees on secure coding and development best practices
2+ years of relevant Security Engineering or Penetration Testing experience
Bachelor's or Master's in Computer Science/Engineering or related field
Thorough, detail-oriented and quality-driven with excellent communication and interpersonal skills
Familiarity with SSDLC (Secure Software Development Life Cycle) or SDL (Secure Development Lifecycle)
Knowledge of common software and web application vulnerabilities, such as the OWASP Top 10.
Participate as a member of a 7x24 on-call rotation
Software Engineering experience developing/debugging is a significant plus
Relevant industry training and/or certification: CSSLP, CISSP, OSCP, GWAPT, or GPEN
Able to deliver quality results in a high-energy/high-pressure environment
Ability to multi-task and manage demands of many projects, issues, and tasks
Ability to perform duties with minimal supervision
Tools and Capabilities:
Nexpose, AppSpider, Nessus, Burp Suite, w3af, sqlmap, Nikto, nmap, Metasploit and Webscarab
TCP/IP, HTTP(S), XMPP and DNS
Firewalls, IDS/IPS and WAF
C, C++, Objective-C, Java or .Net
MySQL, MSSQL, NoSQL
Perl, Python or PHP
To find out more about opportunities at FactSet, visit us at ************************ ************************* or ************************
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information.
FactSet Research Systems Inc. is an E-Verify participant and EOE/M/F/D/V Employer which strongly supports diversity in the workforce.
To apply for this job please visit itjobpro.com.