Senior Application Security Engineer - Hybrid
Indianapolis, United States
Full Time Senior-level / Expert USD 127K - 149K
Federal Home Loan Bank of Indianapolis
Is it a Bank? A cooperative? A leader in affordable housing? We are all those things and more!
Our core mission at FHLBank Indianapolis is to provide reliable and readily available liquidity to our member institutions to support housing finance and community development. Simply put, we’re a bank for banks, credit unions, community development financial institutions and insurers across Indiana and Michigan. We also assist in meeting the economic and housing needs of communities and families through grants and subsidized advances that support affordable housing and economic development.
But enough about us, let’s talk about you.
Are you looking for a company that views their employees as their greatest asset?
A company that’s dedicated to making a difference in the community? So much so they pay their employees to volunteer?
Do you want to join a talented workforce that prioritizes equal opportunity within an inclusive culture, and promotes learning and development, unique skills/ideas, and employee engagement?
If you’ve said yes to these questions, then we might be a match!
Here is what we offer:
Flexible hybrid workforce model: Onsite three days a week and two days remote. We also offer remote flex days!
Fantastic, competitive pay and total rewards
Industry-high 401(k) match: up to 6% PLUS…an additional 4% contribution!
Tuition reimbursement assistance: To help you continue to develop personally and professionally.
Student loan repayment assistance: That’s right, we will help you repay outstanding student loans!
Awesome Benefits Package: Medical, dental, vision benefits and even pet (you read that right) insurance!
Generous time off: Vacation, paid federal holidays, birthday month floating holiday, volunteer day and summer hours program
“Dress for your day” dress code: You choose the appropriate work attire based on what your day looks like.
Statistics show that it is less likely for some candidates to submit their application if they don't meet all the criteria within the job description. If this is you, we encourage you to give yourself a chance and submit your application anyway, as you may be the perfect match for this role!
Purpose:
The Senior Application Security Engineer is responsible for working closely with Bank management and members of the Information Security and Solution Delivery Departments to execute a Bank-wide application security management program. This position is responsible for advancing the Bank’s application security posture as well as identifying, evaluating, and reporting on application security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise.
The following statements are intended to describe the general nature and level of work being performed by persons assigned to the job. They are not intended to be an exhaustive list of all responsibilities or abilities required of persons so classified. The Bank reserves the right to alter or amend this description at any time.
Specific Responsibilities:
Oversee the application security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology, and threat drivers.
Define and manage the plans and roadmaps supporting application security strategy, ensuring the organization is following sound enterprise architecture practices.
Ensure that application security issues and concerns are appropriately addressed.
Evaluate applications for security and work with Solution Delivery and Information Security management to define remediation plans to address security concerns.
Use security analysis tools to support broad testing and vulnerability discovery. Ensure applications are built according to enterprise security standards.
Understand pen testing/red team activities – network, web applications, perimeter, physical, wireless, etc. Act as a pen testing administrator to scope and schedule periodic pen tests at the Bank per requirements.
Decipher pen testing findings, challenge results, and review remediation plans with internal teams to align with SLAs.
Provide regular engagement and reporting to the Associate Director, Information Security to ensure Information Security oversight of the Application Security Program.
Report on activities to mitigate application security risks and ensure application security management efforts are prioritized and in alignment with the Bank’s Information Security strategy, goals and objectives.
Provide regular reporting to key stakeholders on the current status of the Application Security Program as the functional lead of the Application Security Working Group (ASWG).
Secure code reviews and additional responsibilities:
Work with development teams to review application source code for security and operational flaws.
Provide detailed security documentation to developers, software engineers and technical personnel when necessary.
Provide guidance and recommendations to software architects and engineers on how to correct code-related security flaws.
Maintain and contribute to enterprise secure software delivery standards.
Coordinate with the software delivery teams to advocate secure coding practices and escalate concerns related to poor coding practices to leadership.
Actively coach and educate software developers on application security standards and best practices.
Coach and mentor junior members of the team and lead by example.
Competencies:
Business
Job Knowledge
General
Decision Making/Judgment
Dependability
Productivity
Team Leadership
People
Communication
Collaboration
Position Requirements:
Minimum of 8 years of cyber security experience.
Minimum of 4 years of application security experience.
Excellent oral and written communication skills.
Direct, hands-on experience using application security tools.
Documented experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services.
Strong working knowledge of networking and application interconnectivity.
Top skills: Application Security, OWASP, SAST, DAST, Burp Suite, Java, .NET, Python.
Must not have been convicted on any civil or criminal charge that would suggest a risk to Bank security.
Ability to work full-time.
Ability to uphold and model the Bank’s Guiding Principles.
Hiring Range: $127,000 - $149,000
Hiring ranges reflect the base salary that the Bank reasonably expects to pay for a given role and are not inclusive of annual incentive award opportunities, retirement benefits or the value of other health and welfare or other ancillary benefits. We consider many factors when determining base salaries such as individual background and experience, the competitive environment, education, particular skill set(s), and industry and institutional knowledge.
FHLBank Indianapolis is an Equal Opportunity Employer.