Senior Security Engineer AppSec
Indexed description
Headquartered in California, East West Bank (Nasdaq: EWBC) is a top-performing commercial bank with a strong foundation, an enterprising spirit and a commitment to absolute integrity. East West Bank gives people the confidence to reach further.
Overview
The Senior Cyber Security Engineer will lead and execute security initiatives across the application lifecycle, integrating security into DevOps pipelines, managing vulnerability assessments, and coordinating penetration testing efforts. This role ensures that applications are secure by design and resilient against evolving threats.
Responsibilities
Application Security & DevSecOps Integration
- Embed security controls into CI/CD pipelines using GitHub workflows and automation tools.
- Collaborate with development teams to implement secure coding practices and threat modeling during design and development phases.
- Manage GitHub Advanced Security configurations, including secret scanning, push protection, and impact analysis.
- Conduct Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) using approved tools (e.g., CodeQL, Dependabot, OWASP ZAP).
- Perform manual and automated code reviews to identify vulnerabilities and ensure remediation through code fixes or configuration changes.
- Maintain accurate mapping of applications to GitHub repositories to support vulnerability tracking and reporting.
- Perform regular API security assessments and integrate monitoring tools like Data Theorem for endpoint protection
- Implement and manage Web Application Firewall (WAF) policies and monitor logs for threat detection
- Scope and schedule internal and third-party penetration tests for internet-facing and extranet applications
- Validate findings, coordinate remediation with development teams, and track progress in ServiceNow and Jira
- Generate and present vulnerability metrics to senior leadership, highlighting risk posture and remediation progress
- Ensure compliance with internal standards and regulatory requirements (e.g., GLBA, SOX, SOC2)
- Deliver targeted training sessions based on impact analysis and vulnerability trends to improve developer awareness
- Lead bi-weekly AppSec Management Update & Post-Finding Review Training meetings
- May perform other duties as assigned
- 3+ years of experience in application security, DevSecOps, or related fields.
- Proficiency in GitHub, SAST/DAST tools, WAF technologies, and API security frameworks.
- Strong understanding of secure SDLC, threat modeling (e.g., STRIDE), and vulnerability management.
- Experience coordinating penetration tests and managing third-party vendors.
- Excellent communication and stakeholder engagement skills.
Compensation
The base pay range for this position is USD $130,000.00/Yr. - USD $220,000.00/Yr. Exact offers will be determined based on job-related knowledge, skills, experience, and location.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search