Position is Monday through Friday from 8 am to 5 pm with the ability to work additional hours as project needs demand.

Incumbent can be located in Northwest Arkansas or anywhere within the Arvest 4 State Footprint (AR, KS, MO, OK). Remote work options may be available outside of the 4-state footprint upon further review during the interview process.

The story of Arvest is one of commitment started by our founders in 1961, with an intense dedication to focusing on our customers. We will always be active and involved members of the communities we serve, and we will always work to put the needs of our customers first as we continue to fulfill our mission – People helping people find financial solutions for life.

Job Title: Senior Application Security Engineer

A Senior Application Security Engineer at Arvest implements and maintains a security reference architecture within Arvest’s products and software development lifecycle. They ensure application security standards are delivered at the network, application, and code layer, coordinate penetration testing, and maintain various code vulnerability scanning tools. A Senior Application Security Engineer partners with IT and Development teams to develop application security policies and procedures and ensure compliance with industry regulations and requirements.

We are seeking candidates who embrace diversity, equity, and inclusion in a workplace where everyone feels valued and inspired.

What You’ll Do at Arvest: (Other duties may be assigned.)

• Serve as a technical point of contact for development as it relates to security automation, secure CI/CD, and products being securely developed and deployed into the cloud.

• Configuration and maintenance of SAST, DAST, and IAST tooling/processes.

• Configuration and maintenance of Web Application Firewalls tooling/processes.

• Configuration and maintenance of security capabilities for API workflows.

• Coordinate manual and automated penetration testing of web sites, APIs, systems, and networks.

• Assist teams in reproducing, triaging, and addressing application security vulnerabilities.

• Perform security risk assessments for all proposed application related changes.

• Perform security focused code reviews.

• Maintain discovery, documentation, and communication of application vulnerabilities to peer group and leadership.

• Understand and comply with bank policy, laws, regulations, and the bank's BSA/AML Program, as applicable to your job duties. This includes but is not limited to; complete compliance training and adhere to internal procedures and controls; report any known violations of compliance policy, laws, or regulations and report any suspicious customer and/or account activity.

Responsibilities:

Toolbox for Success:

• Bachelor’s Degree or equivalent relevant experience.

• 4 years of experience in an application development or application security role with hands on experience in secure coding practices.

• 1 year of experience with SaaS, IaaS, and PaaS models.

• 1 year of experience with various application security tools including SAST/DAST, penetration testing, etc.

• 1 year of experience securing cloud infrastructure and cloud applications (GCP experience is a plus).

• Knowledge in understanding various domains such as secure software development, system and network security, authentication and authorization protocols, cryptography, and application security.

• Understanding of security by design principles, architecture level concepts, security frameworks (NIST and PCI), OWASP, etc.

• Knowledge of current and emerging security technologies, threats, and techniques for exploiting security vulnerabilities in the code or application.

• A broad range of experience:

• Analyzing threats of cloud and application components.
• Implementing and integrating security tools into CI/CD and code repositories.
• Data security and governance.
• Development, scripting languages, and IAC (Java, Javascript/Typescript, Python, PHP, Terraform).
• Securing APIs with external entities.
• Web Application Firewalls.
• Agile and Scrum processes.

• Relevant military experience is considered for veterans and transitioning service members.

Preferred Experience:

• Experience in OWASP Top 10, CVE/CVSS research and/or bug bounty recognition.
• Security certifications such as CISSP, CASE, CASS, CSSLP, CEH or equivalent.
• Knowledge of fuzzing, memory corruption and exploit development.
• Ability to clearly communicate gaps and risks to leadership through verbal dialogue or written communication.
• Demonstrable teamwork skills and ability to partner in difficult situations.
• Ability to be proactive in a rapidly changing environment.
• Sharp analytical abilities and proven design skills.

Physical Demands:

The associate must be able to travel occasionally by themselves within the US, possibly overnight. Reasonable accommodations may be made to enable qualified individuals with disabilities to perform the essential functions.

We offer competitive compensation, benefits packages, and significant professional growth.

Along with an excellent benefits package, our associates are engaged, rewarded for performance, and encouraged to grow professionally and personally. Our future is driven by our associates. If you want to be recognized for your results and empowered to reach your potential, we urge you to apply.