This job listing has expired and the position may no longer be open for hire.

Lead Web Application Penetration Tester (Remote Flexibility) at T. Rowe Price

Posted in General Business 30+ days ago.

Type: Full-Time
Location: Owings Mills, Maryland





Job Description:

A career at T. Rowe Price says you want to contribute and make a difference at a leading global investment management firm where success results from the dedication our associates have in building success for our clients. We are a growing organization of associates from diverse backgrounds, experiences, and perspectives.

We take a long-term view on associates and their careers. Our associates do phenomenal work with purpose, and as a result, we provide growth opportunities through in-person and online training, management development programs, and career development on the job.

If you are seeking a meaningful work experience along with a workplace culture that thrives on teamwork, we invite you to explore the opportunity to join us.

Overview

In this role, you will provide security and controls assessment for new and existing applications, platforms, and systems within the Secure Software Development Lifecycle (SSDLC). You will perform automated and manual application security testing on T. Rowe Price IT systems and raise security risks and technology defects quickly to technology management for evaluation and treatment.

Role summary and job responsibilities


  • You will function as a domain authority for secure development practices and ensure they are known and adhered to throughout the enterprise.


  • Lead web application penetration tests to discover OWASP Top 10 style vulnerabilities.  


  • Provide advice and solutions within software development and engineering, as well as business teams, to convey findings and risk, leading discussions on remediation strategies and risk assessment.


  • Leads the execution of the SSDLC activities, serving as an SME on all types of testing and assessment of applications, platforms, and systems, as well as overall strategy.


  • Identifies non-obvious relationships and anomalies in technology stacks often overlooked by others.


  • Applies lessons learned with each engagement to the overall SSDLC process, improving efficiencies and capabilities with knowledge gained.


  • Provides feedback and mentoring to team members and technology teams and may directly lead small teams.


  • Other duties as assigned.


Knowledge


  • Solid knowledge of application architecture and layer 7 protocols.


  • Familiar with modern web app compromise methodology and kill chains.


  • Familiar with modern web application development frameworks.


  • Familiar with full stack cloud development such as containers, IAM policies, security groups, VPCs, infrastructure as code, etc.


  • Articulates broader business concerns and/or regulatory landscape, including key risks and controls (e.g., GDPR, MIFID, SOX, SOC1, SOC2).


  • Makes decisions that are cognizant of the firm’s broader security and technology strategies.


Requirements


  • Typically requires 5+ years of relevant experience


  • Knowledge of and technical familiarity with the cutting edge of industry trends and technologies; knows when/how/if to apply them appropriately.


  • Defines security testing strategy for products and ensures alignment to strategy.


  • Knows and can implement modern software testing techniques (e.g. static application security testing (SAST), dynamic application security testing (DAST), interactive application security testing (IAST), etc.).


  • Expert understanding of modern authentication and authorization techniques and technologies.


  • Skilled in automating manual tasks and enabling customer self-service.


  • Advanced certifications such as OSCP/OSWE preferred.


Job Family: Security Assessment Engineering

Track: Knowledge Management (KM)

Level: 4

T. Rowe Price is committed to providing our associates with a comprehensive total rewards benefit program, including wellness, retirement and quality-of-life benefits. Please view What We Offer to see what's available to you.

T. Rowe Price is an equal opportunity employer and values diversity of thought, gender, and race. We believe our continued success depends upon the equal treatment of all associates and applicants for employment without discrimination on the basis of race, religion, creed, colour, national origin, sex, gender, age, mental or physical disability, marital status, sexual orientation, gender identity or expression, citizenship status, military or veteran status, pregnancy, or any other classification protected by country, federal, state, or local law.




