StoneX Group Inc. is seeking an experienced Application Security Engineer to secure applications throughout the SDLC and manage Cloudflare's edge security features. The role involves collaboration with development teams to enhance secure coding practices and implement security tools.
Overview Permanent, full-time, hybrid Connecting clients to markets – and talent to opportunity. With 4,500+ employees and over 300,000 commercial, institutional, payments, and retail clients, we operate from more than 70 offices spread across six continents. As a Fortune 100, Nasdaq-listed provider, we connect clients to the global markets – focusing on innovation, human connection, and providing world-class products and services to all types of investors. Whether you want to forge a career connecting our retail clients to potential trading opportunities, or ingrain yourself in the world of institutional investing, StoneX Group is made up of four business segments that offer endless potential for progression and growth. Engage in a deep variety of business-critical activities that keep our company running efficiently. From strategic marketing and financial management to human resources and operational oversight, you’ll have the opportunity to optimize processes and implement game-changing policies. Corporate: Engage in a deep variety of business-critical activities that keep our company running efficiently. From strategic marketing and financial management to human resources and operational oversight, you’ll have the opportunity to optimize processes and implement game-changing policies. Responsibilities Position purpose: The Application Security Engineer role at StoneX is a hands-on position focused on securing applications across the SDLC while managing and tuning Cloudflare’s edge security features, including WAF, Zero Trust, bot management, and API protections. The engineer will work closely with development teams to embed secure coding practices, conduct threat modeling, integrate and manage tools like SAST, DAST, and SCA in CI/CD pipelines, and support manual assessments such as bug bounties and penetration testing. The ideal candidate has at least 5 years of AppSec experience, strong expertise in Cloudflare security products, and a solid understanding of secure development practices. Experience with languages like Java, C#, JavaScript, or Python, as well as tools like GitHub Actions, Veracode, Burp Suite, and Snyk is highly valuable. A background in cloud environments (AWS, GitHub, or Azure) and relevant certifications (Security+, CEH, or Cloudflare) are preferred. The role is designed for someone who can lead technical efforts, partner with cross-functional teams, and help scale and mature the organization’s application security program. Responsibilities: • Own and manage application-layer protections in Cloudflare, including WAF rules, API security, bot mitigation, and traffic controls. • Review and enhance Cloudflare configurations to protect against emerging threats and align with business needs. • Drive application security across the SDLC through collaboration with dev teams, threat modeling, code reviews, and education. • Integrate and manage SAST, DAST, and SCA tools into CI/CD workflows to catch issues early and at scale. • Participate in and support manual security assessments, bug bounty validation, and pen-testing efforts. • Develop and refine internal policies, secure coding standards, and AppSec best practices. • Analyze vulnerabilities for exploitability and impact, coordinate remediation plans, and track resolution. • Help scale the AppSec program by improving visibility, coverage, and developer engagement. • This list of duties and responsibilities is not intended to be all-inclusive and can be expanded to include other duties or responsibilities that management deems necessary. Technology Ecosystem: • Languages/Stacks: Java, C#, JavaScript, Python • Security Testing: SAST, DAST, SCA, manual code review, penetration testing • Edge Security: Cloudflare WAF, Zero Trust, Bot Management, Rate Limiting • Cloud & CI/CD: GitHub Actions, Azure DevOps, AWS • Processes: Secure SDLC, threat modeling, bug bounty, vulnerability management Qualifications Required: • 5+ years of experience in Application Security • Experience with Cloudflare WAF and related products (e.g., WAF configurations, bot management, access controls) • Strong understanding of secure coding practices, authentication, and access control • Familiarity with tools such as Burp Suite, Veracode, GHAS, Snyk, or similar • Experience working with CI/CD pipelines and development teams to shift security left Preferred: • Hands-on development background (Java, C#, Python, or JavaScript) • Knowledge of bug bounty operations, OWASP Top 10, and modern web security risks • Experience with threat modeling methodologies and risk-based vulnerability triage • Cloud knowledge (AWS, Azure) is a plus Education / Certifications: • Bachelor’s degree in Computer Science, Cybersecurity, or related field • Certifications such as Security+, CEH, or cloudflare related certifications are a plus Hiring Salary Range $90,000.00 - $120,000.00 per year to be determined by the education, experience, knowledge, skills and abilities of the applicant, internal equity and alignment with market data). Subject to business performance and recommendations of management, this role may be eligible to participate in an incentive compensation plan. This compensation package, in addition to a full range of medical, financial, and/or other benefits, dependent on the position, is offered.
The Associate Principal, Security Engineering (Application Security) at The Options Clearing Corporation focuses on enhancing application and software security through collaboration with IT and development teams. This role involves performing security assessments, automating security processes, and implementing secure development practices.
American Express Global Business Travel is seeking a Director of Application Security to lead the development of a world-class application security program. This role involves shaping security strategies across the software development lifecycle and managing a global team of security engineers.
McKesson is seeking a Sr. Application Security Engineer to enhance application security practices within the organization. The role involves integrating security into the SDLC, implementing DevSecOps, and managing vulnerabilities.
The Director of Application Security at American Express Global Business Travel will lead the strategic development of a world-class application security program, focusing on integrating security into the software development lifecycle. This role involves managing a global team and collaborating with various technical teams to enhance security practices across the organization.
StoneX Group Inc. is seeking an experienced Application Security Engineer to secure applications throughout the SDLC and manage Cloudflare's edge security features. The role involves collaboration with development teams to enhance secure coding practices and implement security tools.
American Express Global Business Travel is seeking a Director of Application Security to lead the development of a world-class application security program. This role involves embedding security across the software development lifecycle and managing a global team of security engineers.
The Associate Principal, Security Engineering (Application Security) at The Options Clearing Corporation focuses on enhancing application and software security through collaboration with IT and development teams. This role involves performing security assessments, automating security processes, and implementing secure development practices.
American Express Global Business Travel is seeking a Director of Application Security to lead the development of a world-class application security program. This role involves shaping security strategies across the software development lifecycle and managing a global team of security engineers.
McKesson is seeking a Sr. Application Security Engineer to enhance application security practices within the organization. The role involves integrating security into the SDLC, implementing DevSecOps, and managing vulnerabilities.
The Director of Application Security at American Express Global Business Travel will lead the strategic development of a world-class application security program, focusing on integrating security into the software development lifecycle. This role involves managing a global team and collaborating with various technical teams to enhance security practices across the organization.
StoneX Group Inc. is seeking an experienced Application Security Engineer to secure applications throughout the SDLC and manage Cloudflare's edge security features. The role involves collaboration with development teams to enhance secure coding practices and implement security tools.
American Express Global Business Travel is seeking a Director of Application Security to lead the development of a world-class application security program. This role involves embedding security across the software development lifecycle and managing a global team of security engineers.
The Associate Principal, Security Engineering (Application Security) at The Options Clearing Corporation focuses on enhancing application and software security through collaboration with IT and development teams. This role involves performing security assessments, automating security processes, and implementing secure development practices.
American Express Global Business Travel is seeking a Director of Application Security to lead the development of a world-class application security program. This role involves shaping security strategies across the software development lifecycle and managing a global team of security engineers.
StoneX Group Inc. is seeking an experienced Application Security Engineer to secure applications throughout the SDLC and manage Cloudflare's edge security features. The role involves collaboration with development teams to enhance secure coding practices and implement security tools.