Job description
SUMMARY: The Sr. Application Security Engineer is responsible for leading the secure development and delivery of applications, services, and cloud workloads across BankUnited. This role combines deep technical expertise with strategic oversight to ensure that security is embedded into the software development lifecycle (SDLC), DevSecOps pipelines, and cloud architectures. The Engineer partners closely with development, DevOps, cloud, and security architecture teams to design, implement, and validate security controls-while providing technical guidance in application threat modeling, secure coding, and vulnerability remediation.
ESSENTIAL DUTIES AND RESPONSIBILITIES include the following. Other duties and special projects may be assigned.
• Oversee application security initiatives, ensuring security is integrated into all stages of the SDLC.
• Establish, implement, and maintain DevSecOps security standards, procedures, and automation pipelines.
• Perform application threat modeling to identify and address risks during design and development phases.
• Conduct security code reviews, dynamic application security testing (DAST), and static application security testing (SAST).
• Assess the security posture of web, mobile, and SaaS/PaaS/IaaS applications.
• Provide remediation guidance to developers and ensure vulnerabilities are addressed in line with SLAs.
• Evaluate encryption algorithms, key management practices, and cryptographic implementations.
• Develop and track application security metrics, KPIs, and program maturity measures.
• Design and implement secure Infrastructure-as-Code (IaC) templates using tools like Terraform and CloudFormation.
• Implement cloud deployment security automation and container security hardening.
• Perform vulnerability assessments and risk analysis for cloud-native and hybrid workloads.
• Maintain deep knowledge of AWS and/or Azure security services, IAM, and cloud-native security tools.
• Research emerging security threats, vulnerabilities, and frameworks to inform security strategy.
• Create, maintain, and disseminate application security policies, standards, and guidelines to development teams.
• Collaborate with architecture, engineering, and product teams to align on secure design patterns and requirements.
• supporting security initiatives focused on secure coding practices and secure system design.
• Partner with leadership to evaluate new security tools, technologies, and integrations for application and cloud security.
• Support compliance audits and provide technical evidence for regulatory requirements (NIST CSF, PCI-DSS, SOX, GLBA).
• Adheres to and complies with applicable, federal and state laws, regulations and guidance, including those related to anti-money laundering (i.e. Bank Secrecy Act, US PATRIOT Act, etc.).
• Adheres to Bank policies and procedures and completes required training.
• Identifies and reports suspicious activity.
EDUCATION
Bachelor's Degree or Master's degree in Computer Science, Information Technology, Cybersecurity, or related field
EXPERIENCE
• 3-5 years of experience in application security, cloud security, or DevSecOps roles
• Hands-on experience with application security testing tools such as Veracode, GitHub Dependabot, Wiz, StackHawk
• Proficiency in at least one programming or scripting language (Python, PowerShell, NET, Rego, JavaScript)
• Experience with IaC security tools (Terraform, CloudFormation)
• Strong understanding of SDLC methodologies, CI/CD security integration, and DevSecOps principles
• Familiarity with compliance frameworks and regulatory requirements (NIST CSF, PCI-DSS, SOX, GLBA)
• Experience with container orchestration platforms (Docker, Kubernetes, EKS/AKS) and their security hardening preferred
• Background in financial services or other highly regulated industries preferred
• Experience with threat modeling methodologies (PASTA, STRIDE) preferred
CERTIFICATES, LICENSES, REGISTRATIONS
• CSSLP, CISSP, CCSP, GCSA, AWS/Azure Security Specialty. preferred
KNOWLEDGE, SKILLS AND ABILITIES
• Strong knowledge of secure coding principles and common vulnerabilities (OWASP Top 10, CWE).
• Knowledge of AWS and/or Azure security services, IAM, and cloud-native security tooling.
• Excellent communication skills with the ability to influence cross-functional teams.
#GoForMore
Requirements: Candidates residing in locations within BankUnited's footprint may be given preference.
Requirements
• Bachelor's Degree or Master's degree in Computer Science, Information Technology, Cybersecurity, or related field
• 3-5 years of experience in application security, cloud security, or DevSecOps roles
• Hands-on experience with application security testing tools such as Veracode, GitHub Dependabot, Wiz, StackHawk
• Proficiency in at least one programming or scripting language (Python, PowerShell, NET, Rego, JavaScript)
• Experience with IaC security tools (Terraform, CloudFormation)
• Strong understanding of SDLC methodologies, CI/CD security integration, and DevSecOps principles
• Familiarity with compliance frameworks and regulatory requirements (NIST CSF, PCI-DSS, SOX, GLBA)
• CERTIFICATES, LICENSES, REGISTRATIONS
• CSSLP, CISSP, CCSP, GCSA, AWS/Azure Security Specialty
• KNOWLEDGE, SKILLS AND ABILITIES
• Strong knowledge of secure coding principles and common vulnerabilities (OWASP Top 10, CWE)
• Knowledge of AWS and/or Azure security services, IAM, and cloud-native security tooling
• Excellent communication skills with the ability to influence cross-functional teams
• Requirements: Candidates residing in locations within BankUnited's footprint may be given preference
