Founded in 1908, CIT (NYSE: CIT) is a financial holding company with approximately $50 billion in assets as of Dec. 31, 2017. Its principal bank subsidiary, CIT Bank, N.A., (Member FDIC, Equal Housing Lender) has approximately $30 billion of deposits and more than $40 billion of assets. CIT provides financing, leasing, and advisory services principally to middle-market companies and small businesses across a wide variety of industries. It also offers products and services to consumers through its Internet bank franchise and a network of retail branches in Southern California, operating as OneWest Bank, a division of CIT Bank, N.A. For more information, visit cit.com.
The Application Security Engineer is a hands-on, first line role responsible for evaluating and enforcing security across the Secure Software Development Life Cycle (SDLC). The Application Security Engineer will conduct code reviews and assess/remediate issues stemming from application security scans using various tools. The position will work closely with IT Development implementing, executing and improving the security of CiT developed applications that could lead to negative operational, reputational, and/or financial impact. The ideal candidate will have solid experience operating a risk-based penetration testing program, conducting both manual and automated penetration tests to improve application security and effecitvely communicating flaws to management as part of risk metrics reporting.
Key terms: Application security engineering, OWASP, static/dynamic analysis, penetration testing and tools, defensive programming, application security training, malware techniques and defenses.