- 7-10 years of related business experience in application development and databases required (proficient in speaking the language of application developers)
- Understanding of OWASP security concepts and common application security risks, such as XSS, XSRF, SQL Injection, Cookie Manipulation, etc.
- Strong knowledge of change management processes and the software development lifecycle
- Solid knowledge of operating systems, relational database architecture, client/server technology, business data processing, database analysis and design theory, transaction processing systems, wide and local area networks, communications protocols, encryption standards, and authentication protocols.
- Strong analytical skills, problem solving skills, and project management skills
- Extensive training in engineering disciplines including application and data security, systems programming, systems design, computer technology and software disciplines
- Some experience with software penetration testing, secure code review, architectural risk assessment, and/or static code analysis preferred
Education and Certifications
- Bachelor's degree or equivalent business experience in Computer Science, Database Administration, MIS or Electrical Engineering required
- Ethical hacking certification preferred as well as certified training in application security solutions and practices
- CISSP, CISA, CISM, GSEC, or related certification(s) required
- Knowledge of US security regulatory requirements and environment in the financial services industry (i.e., FFIEC) preferred
- Experience working in a global / international environment with a broad range of policies and procedures preferred
- Quick learner in application security domains
- Exceptional communication skills – both verbal and written
- Detail-oriented and organized
- Break down complex problems into manageable units, develop solutions for each unit, and integrate them back into the whole
- Absorb new ideas quickly and then apply them pragmatically
- Identify key or underlying issues in complex situations
- Assess the situation by identifying patterns or connections which are not obviously related
- Capable of adjusting to new environments and working effectively in varied situations
- Set goals and priorities that maximize the use of available resources
- Team-oriented, client-focused and open to different ideas/viewpoints
- Self-aware of own behavior/work style, and tolerant of different needs and viewpoints
- Interested in others’ opinions and shows consideration, concern and respect for other people
Data & Cyber Security (DCS) is globally responsible for securing and steering Information Security and Cybersecurity related risks for the Global Banking and Investor Solutions (GBIS) division and related Service Units. DCS is composed of diverse and talented professionals who translate ideas into action daily by combining the strength of its expertise with a deep understanding of GBIS and Service Unit needs.
DCS’s responsibilities cover the management of Information Security and Cybersecurity frameworks and revolve around five areas of expertise – Identification, Protection, Detection, Response, and Recovery.
DCS achieves this while promoting a collaborative, innovative, diverse, and fun environment for its Information Security and Cybersecurity professionals.
The Sr. Application Developer - Information Security for Société Générale is responsible for implementing and managing the DCS Application Security strategy and supporting programs in the AMER region to ensure that security controls are functioning efficiently and effectively in the realms of application and database security logging, monitoring, alert management, incident handling, vulnerability and configuration management. These activities are performed in tight collaboration with application developers located in the AMER region and globally (e.g., India, France).
The position is hands-on and provides technical expertise to establish and implement security-related standards, procedures, and guidelines appropriate to securing the existing environment in partnership with various application development teams, engineering teams, and the business.
The position also supports the DCS team in doing security research and development, product evaluations, consulting, project support, and any other operational tasks needed to support the overall requirements of the Information Security program and strategy.
The bank will provide the necessary security and technical training curriculum and certification(s) for the candidate with proven and practical experience in application development activities, SDLC methodologies, programming and scripting languages, systems integration, analysis/design, etc. Candidates need to be able to demonstrate a strong control and data-centric mindset in their application development practices.