F

Director - Application Security Engineering: Web Application Firewall (WAF) - Any FINRA Location

Financial Industry Regulatory Authority
Full-time
Remote
United States

Under general direction from Cyber and Information Security (CIS) Leadership, the Director of Application Security Engineering oversees the Secure Software Development Lifecycle (SSDLC), including all relevant tooling, processes, training and guidance to educate the organization's development community and help drastically minimize the security risks to its applications, data and hosting environment. The Director defines or reviews relevant information security strategies, policies, and standards - most specifically focused on Web Application Firewall (WAF).

At FINRA, we infuse innovation into how we work. We use cutting-edge technologies like AI, machine learning, cloud computing, and big data analytics to protect investors and ensure market integrity. As a result of our pioneering work, Computerworld ranked us #2 globally as a Best Place to work in IT among mid-sized companies in 2024. Join our forward-thinking culture and elevate your career.

Essential Job Functions:

  • Manage a team focused on delivering high quality security testing, or secure development and operations, results within the Application Security Program. This includes assignment coordination and training of subordinate staff, and backup coverage for next level management
  • Define, review or promote relevant security strategy, policies, standards, guidelines and procedures
  • Perform project management and status reporting to leadership on all major initiatives within the purview of the respective team
  • Create the team roadmap in alignment with organizational needs, any relevant business cases for new capabilities or staff to support the program, and oversee relevant budget planning and maintenance
  • Oversee the establishment and maintenance of processes and techniques used to identify, validate, and prioritize security risks on FINRA’s in-house and proprietary software applications, including both on-premises and AWS cloud-based hosting
  • Oversee secure software development or security testing for full SDLC from initiation to release for relevant technologies such as Java/J2EE, .NET or Python
  • Develop and implement strategies to promote consistent use of security controls across the enterprise
  • Oversee the execution of manual and automated secure software development activities by deploying, configuring, monitoring, or testing security controls, utilizing cyber security tools, to perform service security assessments, integrations, or operations
  • Identify, evaluate, and recommend new security technologies, techniques, and tools; prepare and deliver professional communications, including security assessment reports, status reports or dashboards and/or training briefings

Other Responsibilities:

  • Ensure all work product meets/exceeds FINRA standards
  • Other duties as assigned

Education/Experience Requirements:

  • Bachelor’s degree in computer science, engineering, or related technical discipline
  • ISC2 Certified Information System Security Professional (CISSP) certification highly desired
  • Additional certifications related to AWS, secure design/architecture, networking, security testing or similar are desired
  • 9 years technology experience, of which includes 3+ years of cyber and information security experience
  • 2+ years of supervisory/management experience
  • Expertise in Application Security domain vulnerabilities and associated tooling such as open source and enterprise SAST, DAST, IAST, WAF and/or HTTP proxy solutions
  • Financial services industry experience is a plus
  • Knowledge and general understanding of government and industry security standards and frameworks commonly used
  • Advanced knowledge of cyber and information security standards, frameworks, technologies, control strategies, and compliance practices

For work that is performed in CA, CO, HI, MN, VT, IL, Jersey City, NJ, NY, NY, MD, Washington DC, and WA the chart below outlines the proposed salary range for the corresponding location. In addition to location, actual compensation is based on various factors, including but not limited to, the candidate’s skill set, level of experience, education, and internal peer compensation comparisons.

CA: Minimum Salary $146,200, Maximum Salary $296,100

CO/HI/MN/VT*: Minimum Salary $127,300, Maximum Salary $246,600

IL*: Minimum Salary $139,800, Maximum Salary $271,400

Jersey City, NJ/NY, NY: Minimum Salary $152,700, Maximum Salary $296,100

MD/Washington, DC: Minimum Salary $146,200, Maximum Salary $283,800

WA: Minimum Salary $127,300, Maximum Salary $283,800

*Including positions performed outside the state but reporting to an office or manager in that state.

Candidates can expect salary offers that range from the minimum to the mid-point of the salary range. FINRA provides full pay ranges so that the candidate can consider their growth potential while at FINRA.

#LI-Hybrid

To be considered for this position, please submit an application. Applications are accepted on an ongoing basis.

The information provided above has been designed to indicate the general nature and level of work of the position. It is not a comprehensive inventory of all duties, responsibilities and qualifications required.

Please note: If the “Apply Now” button on a job board posting does not take you directly to the FINRA Careers site, enter www.finra.org/careers into your browser to reach our site directly.

FINRA strives to make our career site accessible to all users. If you need a disability-related accommodation for completing the application process, please contact FINRA's Employee Relations team at 240.386.4865 or by email at EmployeeRelations@finra.org. Please note that this process is exclusively for inquiries regarding application accommodations. 

Employees may be eligible for a discretionary bonus in addition to base pay. FINRA provides comprehensive health, dental and vision insurance.  Additional insurance includes basic life, accidental death and dismemberment, supplemental life, spouse/domestic partner and dependent life, and spouse/domestic partner and dependent accidental death and dismemberment, short- and long-term disability, long-term care, business travel accident, disability and legal.  FINRA offers immediate participation and vesting in a 401(k) plan with company match and eligibility for participation in an additional FINRA-funded retirement contribution, tuition reimbursement and many other benefits. 

Time Off and Paid Leave*

FINRA encourages its employees to focus on their health and wellness in many ways, including through a generous time-off program of 15 days of paid time off, 5 personal days and 9 sick days (all pro-rated in the first year). Additionally, we are proud to support our communities by providing two volunteer service days (based on full-time schedule). Other paid leave includes military leave, jury duty leave, bereavement leave, voting and election official leave for federal, state or local primary and general elections, care of a family member leave (available after 90 days of employment); and childbirth and parental leave (available after 90 days of employment). Full-time employees receive nine paid holidays.

*Based on full-time schedule

Important Information

FINRA’s Code of Conduct imposes restrictions on employees’ investments and requires financial disclosures that are uniquely related to our role as a securities regulator. FINRA employees are required to disclose to FINRA all brokerage accounts that they maintain, and those in which they control trading or have a financial interest (including any trust account of which they are a trustee or beneficiary and all accounts of a spouse, domestic partner or minor child who lives with the employee) and to authorize their broker-dealers to provide FINRA with duplicate statements for all of those accounts. All of those accounts are subject to the Code’s investment and securities account restrictions, and new employees must comply with those investment restrictions—including disposing of any security issued by a company on FINRA’s Prohibited Company List or obtaining a written waiver from their Executive Vice President—by the date they begin employment with FINRA. Employees may only maintain securities accounts that must be disclosed to FINRA at one or more securities firms that provide an electronic feed (e-feed) of data to FINRA, and must move securities accounts from other securities firms to a firm that provides an e-feed within three months of beginning employment.

You can read more about these restrictions here.

As standard practice, employees must also execute FINRA’s Employee Confidentiality and Invention Assignment Agreement without qualification or modification and comply with the company’s policy on nepotism.

Search Firm Representatives

Please be advised that FINRA is not seeking assistance or accepting unsolicited resumes from search firms for this employment opportunity. Regardless of past practice, a valid written agreement and task order must be in place before any resumes are submitted to FINRA. All resumes submitted by search firms to any employee at FINRA without a valid written agreement and task order in place will be deemed the sole property of FINRA and no fee will be paid in the event that person is hired by FINRA.

FINRA is an Equal Opportunity and Affirmative Action Employer

All qualified applicants will receive consideration for employment without regard to age, citizenship status, color, disability, marital status, national origin, race, religion, sex, sexual orientation, gender identity, veteran status or any other classification protected by federal state or local laws as appropriate, or upon the protected status of the person’s relatives, friends or associates.

FINRA abides by the requirements of 41 CFR 60-741.5(a). This regulation prohibits discrimination against qualified individuals on the basis of disability, and requires affirmative action by covered prime contractors and subcontractors to employ and advance in employment qualified individuals with disabilities.

FINRA abides by the requirements of 41 CFR 60-300.5(a). This regulation prohibits discrimination against qualified protected veterans, and requires affirmative action by covered prime contractors and subcontractors to employ and advance in employment qualified protected veterans.

©2020 FINRA. All rights reserved. FINRA is a registered trademark of the Financial Industry Regulatory Authority, Inc.