Fiserv delivers technology solutions that enable secure, efficient financial services for clients worldwide. The Cyber Application Security team focuses on safeguarding application-level assets across development and production environments. In this role you will design and operationalize application security controls to protect client data and support secure product delivery.
Requirements
- 10+ years of experience in application security architecture, threat modeling, and secure coding frameworks (OWASP Top 10, threat modeling methodologies).
- 10+ years of experience in vulnerability management and open-source risk management, including hands-on use of SCA tools such as Sonatype Lifecycle.
- 8+ years of experience securing CI/CD pipelines and build systems (Jenkins, GitLab CI, Azure DevOps).
- 8+ years of experience with cloud platform security (AWS, Microsoft Azure, Google Cloud Platform) and cloud-native security controls.
- 8+ years of experience in container and runtime security, including Docker, Kubernetes, and runtime protection/observability tools (e.g., Dynatrace, Falco).
- 6+ years of experience in Infrastructure as Code (Terraform, CloudFormation) scanning and IaC security tooling (Checkov, tfsec).
- 6+ years of experience in server/OS administration and logging/monitoring (Linux/Unix/Windows, SIEM/Splunk, centralized logging).
Responsibilities
- Design, implement, and maintain application security strategies, standards, and frameworks across product lines.
- Perform security assessments, threat modeling, and secure code reviews to identify and remediate vulnerabilities.
- Lead the development and execution of SCA, runtime vulnerability, and CI/CD pipeline security programs.
- Integrate security tooling into CI/CD pipelines and collaborate with engineering teams to enforce secure development practices.
- Triage and respond to application security incidents, perform root cause analysis, and drive corrective actions.
- Configure and manage application security tools (SCA, DAST, SAST, runtime monitoring) and validate their effectiveness.
- Partner with cloud, platform, and DevOps teams to secure cloud-native workloads, containers, and IaC.
Other
- This role is on-site Monday through Friday.
- This role requires the use of a computer and audio equipment.
- Approximately 0% travel off-site or to other office locations is expected.
- You must currently possess valid and unrestricted U.S. work authorization to be considered for this role. Individuals with temporary visas including, but not limited to, F-1 (OPT, CPT, STEM), H-1B, H-2, or TN, or any candidate requiring sponsorship, now or in the future, will not be considered for this role.
- Program leadership experience building and scaling DevSecOps or application security programs across multiple product teams.