Application Security Engineer

Description

Elevate Your Career

Work where your ideas have impact

COMPANY

Allspring Global Investments is a leading independent asset management firm that offers a broad range of investment products and solutions designed to help meet clients' goals.

At Allspring, our vision is to inspire a new era of investing that pursues both financial returns and positive outcomes.

With decades of trusted experience propelling us forward, we strive to build portfolios aimed at generating successful outcomes for our clients.

We do this through the independence of thought that powers our investment strategies and by bringing a renewed approach to look around the corner to unlock what's possible.

Allspring is a company committed to thoughtful investing, purposeful planning, and the desire to deliver outcomes that expand above and beyond financial gains.

For more information, please visit About Us - Allspring Global Investments .

At Allspring, unique views inspire us. We leverage the diversity of people, ideas, and skills to help our clients pursue their financial goals.

We strive to attract and retain a diverse talent pool that enables us to better serve our global client base. Intentionally fostering a diverse and inclusive culture allows us to empower innovation, productivity, and engagement.

It's also essential for elevating the experience of our clients as well as the communities in which we operate. Thank you for considering Allspring as you explore the next step in your career journey.

POSITION

Allspring Global Investments is seeking an experienced Application Security Engineer to join our exceptional Engineering and Technology (AllspringET) Information Security team.

In this role, you will have the unique opportunity to contribute to the security practices within Allspring's software development lifecycle.

We currently operate in a hybrid working model, whereby you will be required to work in-office 3 days a week.

Location(s) : Charlotte, NC

RESPONSIBILITIES

• Act as an expert and builder for cloud-based technologies, prioritizing security, performance, operability, and scalability.
• Support the implementation of advanced front-end technologies within technology and business groups as an in-house specialist.
• Foster strong relationships with developers, technology teams, solution teams, and business application owners.
• Develop and implement effective security measures by following established industry standards.
• Develop and implement innovative cloud technologies to differentiate our offerings.
• Collaborate and consult with technical experts, technology teams, and external industry groups to address complex technical issues and achieve our goals.

REQUIRED QUALIFICATIONS

• Bachelor's degree or higher in MIS, CS, or another technology-related field OR equivalent combination of education and work experience.
• 5+ years of engineering and technology experience, preferably in Financial Services, Technology, or a related field.
• 2+ years of experience in static code analysis using SonarQube and Jfrog Xray or other industry-standard scanning tools.
• 2+ years of experience working within a DevSecOps framework, including expertise in version control, continuous integration, continuous testing, configuration management, and secure containerization.
• 2+ years of experience with applications running in AWS, including knowledge of AWS Security in areas such as IAM and KMS.
• 2+ years of experience conducting security assessments of Cloud-based applications and ensuring compliance with relevant standards and frameworks.
• 2+ years of experience with AWS or other hyperscale cloud provider implementation.
• Demonstrated expertise in strengthening applications by implementing effective strategies in areas such as Identity and Access Management, Data Security, Container Security, and Secrets Management.
• Knowledge of secure containerization, with experience using industry-standard containerization platforms such as AWS ECS and Kubernetes.
• Understanding of common application attack vectors within industry-standard frameworks like OWASP and MITRE ATT&CK.

PREFERRED QUALIFICATIONS

• Familiarity with Jenkins or another industry-standard software build automation platform.
• Proficiency in C-based programming languages (C# / C++) as well as web development languages such as JavaScript and Node.js.
• Ability to multitask in a fast-paced environment and prioritize duties to meet deadlines with limited supervision.
• Excellent verbal and written communication skills.
• Strong influencing and consensus-building skills.
• Proven track record of approaching challenges with a strategic problem-solving approach.
• Effective teaching and mentoring abilities.
• Impressive presentation and communication capabilities.
• Willingness to occasionally travel outside of the primary work location.
• Demonstrated success working effectively in a heavily distributed environment.
• Consulting experience is a plus.
• Track record of maintaining strong documentation.
• Capability to share knowledge with essential team members and serve as a valuable resource.
• Demonstrated ability to deliver on-call support and resolve challenges autonomously.
• Confidence in interacting with counterparts at all levels within the organization.
• Proficient in identifying and finding solutions to complex problems.
• Demonstrated ability to collaborate with teams across multiple locations.

LI-CD1

LI-Hybrid

We are an Equal Opportunity / Affirmative Action Employer. We consider all qualified applicants for employment regardless of age, race, color, national origin, sex, religion, veteran status, disability, sexual orientation, gender identity, or any other protected status.

Equal Opportunity Employer / Protected Veterans / Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant.

However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)