Product Security Engineer

Date Active

Requisition #

Hours Per Week

Location

City

State

Job Description / Requirements

The HSA Product Security Engineer will directly support HSA Bank in in achieving the desired/required security and risk management outcomes across all HSA Bank Products, Applications, and Platforms in line with Webster Enterprise policies and procedures. This includes internally developed applications, acquired platforms, and integrations with partners.

Job Responsibilities:

• Assist HSA IT leadership team in security related activities in alignment with Webster Enterprise policies.
• Performing hands-on support for application security related to HSA Bank applications and platforms including application code scanning, application penetration testing as well as software development standards and practices.
• Work with Enterprise Architecture Team, Enterprise Security, HSA Bank Software Development, and HSA Application Support teams on implementation of appropriate architecture and controls to appropriately mitigate security risks.
• Implement technical solutions for requirements supporting GLBA, SOX, FISMA, ISO, PCI, and HIPAA
• Recommend and coordinate/execute application of fixes, patches, and disaster recovery procedures in the event of a security breach
• Assist in the execution of risk assessments, external audits, penetration tests, and vulnerability assessments
• Ensuring that applications within environment comply with company security policies, standards, and procedures
• Continuously identifying gaps in security program coverage
• Demonstrating compliance with all bank regulations for assigned job function and applies to designated job responsibilities – knowledge may be gained through coursework and on-the-job training
• Keeping up to date on regulation changes
• Strong experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography, and application security

Education, Experience and Skills Required:

• Bachelor’s degree in a related field required
• At least 5 years of IT systems, networks, and/or application security experience (combination acceptable)
• At least 3 years of IT security specific infrastructure or application-level vulnerability management, testing, and auditing experience
• At least 1 year of experience involving security systems including firewalls, intrusion detection/prevention systems, security information and event consolidation/correlation & reporting systems, authentication systems, assessing system and network vulnerabilities, and working with responsible groups to address them.
• Working experience and knowledge of Windows/Unix/Linux operating systems
• This position requires at least one of the following technical level certifications: Security+, MCITP, CEH, CCSP, CCNA, CCNP, CCIE Security