Since 1973, East West Bank has served as a pathway to success. With over 120 locations across the U.S. and Asia, we are the premier financial bridge between the East and West. Our teams of experienced, multi-cultural professionals help guide businesses and community members on both sides of the Pacific looking to explore new markets and create new opportunities, and our sustained growth and expertise in industries like real estate, entertainment and media, private equity and venture capital, and high-tech help build sustainable businesses and expand our associates’ potential for career advancement.
Headquartered in California, East West Bank (Nasdaq: EWBC) is a top performing commercial bank with an exclusive focus on the U.S. and Greater China markets. With a strong foundation, and enterprising spirit and a commitment to absolute integrity, East West Bank gives people the confidence to reach further.
The Senior Cyber Security Engineer – AppSec and Vulnerability Management will participate in establishing and maintaining a corporate wide Cyber Security management program to ensure that information assets are adequately protected. We are seeking a highly skilled Application Security Engineer with strong background in both API, application security assessment, and experience with web application firewalls. This role will be responsible for ensuring the security of our applications and APIs, and will play a critical role in protecting our systems and data from threats.
As an East West Bank employee, the Cyber Security engineer will be part of a growing and stable organization that provides career path development opportunities while serving a growing and profitable market. The Cyber Security Engineer will work with senior members of the team to enhance and mature the security operations program.
Application Security
Technical lead in securing software applications and ensuring they are resistant to security threats. Develop strategies and plans to achieve security requirements and address identified risks.
Implement and maintain security measures to protect applications from threats. Ensure compliance with security standards and best practices.
Stay updated on the latest application security threats and mitigation techniques.
Perform security testing and vulnerability assessments to identify security strengths and weaknesses, to assess, maintain and troubleshoot vulnerability management infrastructure.
API Security Assessment:
Conduct regular API security assessment to identify vulnerabilities and risks. Develop and implement strategies to mitigate identified risks.
Application Security Assessment:
Perform comprehensive security assessments of our applications to identify potential vulnerabilities and risk. Develop and implement effect strategies to address these risks.
Conduct security reviews and assessments of application code to identify vulnerabilities.
Perform static and dynamic code analysis to identify security flaws. o Collaborate with software development teams to integrate security into the software development lifecycle.
Remediate security issues found in applications through code fixes or configuration changes.
Web Application Firewall (WAF)
Implement and manage WAF rules and policies. Monitor WAF logs and alerts to identify and respond to security threats.
Threat Modeling:
Identify potential threats and vulnerabilities in the application design phase. Develop strategies to mitigate these threats.
Security Training:
Provide training and guidance to development teams on secure coding practices and API security.
Incident Response:
Participate in incident response and forensic analysis in the event of a security breach.
Other:
Customer Service: support stakeholders’ vulnerability questions and inquiries.
Work with technologists to optimize vulnerability detection capabilities.
Perform scans with vulnerability scanners and DAST scanners.
WAF Management: Configure, manage, and fine-tune WAF policies to protect web applications from threats and attacks. Monitor WAF logs and alerts to respond to and mitigate potential security incidents.
Collaboration and Communication: Work closely with development, operations, and other IT teams to promote a security-first culture. Communicate security risks and recommendations effectively to technical and non-technical stakeholders.
Reporting: prepare regular reports on KRI and KPIs.
InfoSec Lead in vulnerability management remediation efforts including analyzing findings from network scanners and application security tools
Support the vulnerability management program by reviewing and inputting approved exceptions in vulnerability management solution.
Preferred Certifications & Skills:
Software Powered by iCIMS
www.icims.com