Performing APPSEC reviews including threat modeling, and code reviews. Building technical solutions to embed automated security checks into the AI SDLC and ML-Ops. Meeting with the software development teams to understand a new application they are building and providing them with feedback on their architecture. Leverage SAST, DAST, SCA tools to create findings and translating them to severity of risks to perform this in capital groups technology environment. Write clear, succinct and effective technical documentation summarizing your findings, risks, and recommendations. Write automated proof-of-concepts, and automated security tests by authoring security testing tools where needed. Collaborate with technology stakeholders and advise on risks for technology solutions such as Saas services and how they integrate with cgs environment. Communicate effectively and have an empathetic outlook towards development teams by authoring clear, actionable guidance on writing secure code. Effectively present to development teams educating them on secure development. Education/Experience: Bachelors degree in Computer Science, or Computer Engineering, or closely related technical field (or foreign equivalent), plus Four (4) years of experience as an Information Security Engineer, Application Security Engineer, Security Engineer, Security Analyst, Threat Intelligence Analyst, Cybersecurity Specialist, or similar occupation. Specials Skills: Must possess expertise/knowledge sufficient to adequately perform the duties of the job being offered. Expertise/knowledge may be gained through employment experience or education. Such expertise/knowledge cannot be quantified by time. Required expertise/knowledge includes: Knowledgeable of threat modeling, code reviews, network security, TCP/IP, DNS, TLS, and HTTP. Experience with technologies including threat modeler/threat dragon, scoutsuite, veracode, checkmarx, netsparker, and dast scanners including burpsuite. Experience automating tasks in python, BASH, JAVA, C/C#/C++, and RUST. Proficient of attacks in AWS, AZURE, and OAUTH. Experience simplifying and documenting complex technical application security details, and accurately/effectively communicating to technical and non-technical audience. Experience developing a deep understanding of systems and risks to the business. Experience driving security initiatives forward and coordinating to achieve speedy resolutions to application security-related security incidents working with security operations. Experience of conducting security assessments using both automated tool and manual testing to identify and remediate vulnerabilities. Experience of securing API through authorization, input validation, and threat mitigation techniques. Strong knowledge of security of safety risks of Large Language Models and AI Agents OWASP for LLM Top 10. OTHER: If offered employment, must have legal right to work in U.S. 40 hours per week/ Salary Range: $150,155 to $240,248 per year, plus standard company benefits Job Location: Capital Group Companies Global: 399 Park Ave., 31st Floor, New York, NY 10022 Hybrid work is permitted, when not working from home must report New York, NY office CONTACT: To apply: Email resume to Global Mobility Team at: cgapplications@capgroup.com MUST REFERENCE JOB CODE: NY0425ZK when applying.
