Senior Software Security Engineer

TD Ameritrade - Columbia, MD


To all recruitment agencies: TD Ameritrade does not accept agency resumes. Please do not forward resumes to our job alias, TD Ameritrade employees or any other company location. TD Ameritrade is not responsible for any fees related to unsolicited resumes.

The TDA Security Risk Management (SRM) Group, under the leadership of the Chief Information Security Officer (CISO), is tasked to protect information assets in support of TDA business objectives and in conformity with TDA policies. The Software Security Assurance Team is a core function of SRM and is primarily responsible for establishing and guiding the Secure Software Development Program within TD Ameritrade. These activities include creation and rollout of software security policies and best practices, software security architecture, software security scanning, penetration testing, and the education of TDA software developers and testers in security best practices. The Software Security Engineer ensures the control and protection of software, improves the software development process, and minimizes defects and vulnerabilities in software production.

  • Perform static and dynamic application security tests and penetration tests.
  • Work with application development groups to understand different types of vulnerabilities, attack vectors and remediation approaches for web, mobile applications and APIs.
  • Help integrate software security tools and practices with agile SDLC and DevOps.
  • Help application teams build applications that are secure by providing security requirements and security patterns, re-usable code, etc.
  • Perform software security design and/or code reviews.
  • Assess the security risks associated with software applications.
  • Manage WAF rules and create custom policies when needed.
  • Bachelor’s degree in a related field and/or a minimum of 5 years of equivalent experience.
  • 5+ years of experience as an engineer for a Software Security Assurance or Software Development team.
  • Expert knowledge of application vulnerability types, attack vectors and remediation approaches.
  • Ability to perform security code reviews and provide remediation guidance in Java web applications and micro-services.
  • Expert understanding of the IP protocols and associated security mechanisms: TCP/IP, HTTP, SSL/TLS, PKI.
  • Proficiency with dynamic and static application penetration testing and vulnerability scanning tools such as Fortify, Burp Suite Pro, etc.
  • Knowledge of industry best practices for secure software development as well as web and mobile application security.
  • Familiarity with encryption and hashing techniques, authentication and authorization, and other security mechanisms.
  • Experience with either WAF/RASP and/or Threat Modeling a plus.