TIAA Senior Application Security Analyst in Raleigh, North Carolina
As a member of the Infrastructure Security team, the Senior Information Security Vulnerability Assessment Specialist will be primarily responsible for the security associated with TIAA web-based applications. The specialist will be responsible for maintaining processes to scan applications, review code and identify/assess/remediate vulnerabilities that are applicable to TIAA applications.
Key Responsibilities and Duties
Performs static/dynamic/interactive code testing, manual code inspection, threat modeling, and design reviews of web applications to identify vulnerabilities and security defects.
Supports the implementation and enforcement of secure design principles according to policies, standards, and patterns of Information Security.
Able to build and maintain application security best practices into the SDLC/CI/CD frameworks (shift controls left)
Serves as a Subject Matter Expert (SME) in web application security for enterprise projects during development phases to provide Information Security consulting and recommendations, ensuring the implementation of approved security requirements.
Develops and implements manual and automated security testing of web applications to enforce security standards.
Works with security product vendors and service providers to evaluate security offerings, including product evaluations, proof of concept and pilot installations
Validates outputs from automated vulnerability assessments to reduce false positives and updates those tools to prevent recurrence
Provides support (ad hoc scanning) for incident response and remediation teams
3 Years Required; 5 Years Preferred
University (Degree), Preferred
- Physical Requirements: Sedentary Work
- University (Degree)
- Minimum 3 years of experience in Information Security performing any of the following: vulnerability assessment, vulnerability scanning, secure code review, penetration testing, application based vulnerabilities, application development/operations, application vulnerability remediation, networking, baseline compliance management.
Bachelor's degree in a STEM related curriculum
Experience with application security assessment tools (e.g., Checkmarx, BURP Enterprise, Veracode, etc.)
Understanding of current threats and exploits to include experience with threat remediation
Understanding of application development and development operations (CI/CD/SDLC) processes
Experience in identifying and remediating common web application vulnerabilities such as OWASP Top 10.
Experience in use of various commercial and open source penetration testing tools and methodologies and performing penetration testing of web applications and operating systems.
Experience with various code repositories including GitHub
Experience with continuous integration tools such as Jenkins
Security certifications such as CISSP, CISM, CISA, GIAC, Security+
Good judgment and analytical skills, strong follow-up and organizational skills are paramount skills for the successful candidate
Ability to have good working relationships with outside vendors and developing relationships with professional organizations, peer groups, and industry trade groups and conferences to stay current with technology
Experience with Jira
Potential Salary: $108,300.00 USD
Actual base salary may vary based upon, but not limited to, relevant experience, time in role, base salary of internal peers, prior performance, business sector, and geographic location. In addition to base salary, the competitive compensation package may include, depending on the role, participation in an incentive program linked to performance (for example, annual discretionary incentive programs, non-annual sales incentive plans, or other non-annual incentive plans).
TIAA is the leading provider of financial services in the academic, research, medical, cultural and government fields. We offer a wide range of financial solutions, including investing, banking, advice and education, and retirement services.
Benefits and Total Rewards
The organization is committed to making financial well-being possible for its clients, and is equally committed to the well-being of our associates. That’s why we offer a comprehensive Total Rewards package designed to make a positive difference in the lives of our associates and their loved ones. Our benefits include a superior retirement program and highly competitive health, wellness and work life offerings that can help you achieve and maintain your best possible physical, emotional and financial well-being. To learn more about your benefits, please review our Benefits Summary (https://www.tiaa.org/public/pdf/benefits-at-a-glance.pdf).
We are an Equal Opportunity/Affirmative Action Employer. We consider all qualified applicants for employment regardless of age, race, color, national origin, sex, religion, veteran status, disability, sexual orientation, gender identity, or any other protected status.
Read more about the Equal Opportunity Law here (https://www.dol.gov/general/topics/posters).
TIAA offers support for those who need assistance with our online application process to provide an equal employment opportunity to all job seekers, including individuals with disabilities.
If you are a U.S. applicant and desire a reasonable accommodation to complete a job application please use one of the below options to contact our accessibility support team:
Phone: (800) 842-2755
For residents of California, please click here (https://www.tiaa.org/public/tiaa-nuveen-ca-privacy) to access the TIAA CA Applicant Privacy Notice.
For residents of the EU / UK, please click here (https://www.tiaa.org/public/nuveen-eu-uk-privacy) to access the EU / UK Pre-employment Notice.
For all other residents, click here (http://www.tiaa.org/public/tiaa-nuveen-privacy) to access the Applicant Privacy Notice.
TIAA started out over 100 years ago to help ensure teachers could retire with dignity. Today, many people who work at not-for-profits rely on our wide range of financial products and services to support and strengthen their financial well-being.