JOBSEARCHER

DevSecOps Engineer (contract)

ARCHIVED

We can't find an active application page for this role right now. It may reopen or be listed elsewhere. Use Next Steps to search for an active apply link and similar live jobs.

At BNY, our culture allows us to run our company better and enables you to grow and succeed. As a leading global financial services company at the heart of the global financial system, we influence nearly 20% of the world’s investible assets. Every day, our teams harness cutting-edge AI and breakthrough technologies to collaborate with clients, driving transformative solutions that redefine industries and uplift communities worldwide.Recognized as a top destination for innovators and champions of inclusion, BNY is where bold ideas meet advanced technology and exceptional talent. Together, we power the future of finance – and this is what is all about. Join us and be part of something extraordinary.Job Summary:We are seeking an DevSecOps Engineer to support enterprise application development teams by integrating security best practices throughout the Software Development Lifecycle (SDLC). This role is focused on application security architecture reviews, secure coding practices, vulnerability management, threat modeling, and collaboration with development teams to ensure applications are secure, compliant, and fit for purpose.This role is a remote role that is also open to candidates who are interested in coming onsite located in Lake Mary, FL, Pittsburgh, PA, or New York, NY.Key Responsibilities: Application Security Consulting: Serve as a Subject Matter Expert (SME) for application security initiatives, providing guidance and recommendations to development teams throughout the SDLC Security Architecture Reviews: Conduct security assessments and architecture reviews for new applications, platforms, and technology solutions to ensure compliance with security standards and best practices Secure Development Practices: Establish and promote secure coding guidelines, vulnerability management processes, and application security standards across development teams Vulnerability Assessment & Remediation: Identify security vulnerabilities through code reviews, security testing, and assessment activities while partnering with development teams on remediation strategies Code Review & Security Testing: Perform static, dynamic, and manual source code reviews, secure code analysis, and application security assessments Threat Modeling: Conduct threat modeling exercises during application design and development phases to identify and mitigate potential security risks DevSecOps Integration: Partner with engineering teams to integrate security controls, automated testing, and security tooling into CI/CD and DevOps pipelines Security Tool Enablement: Support developers in utilizing security scanning tools, vulnerability management platforms, and secure development technologies Risk Management: Track security findings, technical debt, remediation activities, and compliance requirements while ensuring timely resolution of security issues Client & Stakeholder Engagement: Collaborate with internal stakeholders and external clients to communicate security requirements, recommendations, and risk mitigation strategies AI Security Evaluation: Assist with security reviews of AI-enabled platforms and evaluate opportunities for leveraging AI development tools within secure software development practices Continuous Improvement: Stay current on emerging security threats, attack vectors, application security trends, and evolving industry best practicesQualifications: 3+ years of experience in Application Security, Security Engineering, Security Architecture, Software Development, or a related cybersecurity role Bachelor's degree in Computer Science, Cybersecurity, Information Security, or a related field Experience performing application security assessments, including penetration testing, secure code reviews, and vulnerability analysis Strong understanding of secure software development lifecycle (SSDLC) principles and secure coding best practices Experience identifying and remediating common application vulnerabilities, including OWASP Top 10 risks Ability to partner with development teams, conduct security architecture reviews, and provide guidance on secure application design Familiarity with programming languages such as Java, Python, or C/C++ Strong communication, presentation, and stakeholder management skills Exposure to AI-assisted development tools or AI-enabled applicationsPreferred Experience: Experience supporting DevSecOps practices and integrating security into CI/CD pipelines Experience working in large enterprise or regulated environments Background as a software developer who transitioned into application securityWhy Join Us:This role offers a unique opportunity to serve as a security leader embedded within enterprise software development teams, helping shape secure application design and development practices across the organization. You'll work closely with developers, architects, security professionals, and business stakeholders to drive security improvements, influence engineering decisions, and strengthen application security posture at scale.At BNY, our culture speaks for itself, check out the latest BNY news at:BNY NewsroomBNY LinkedInHere’s a few of our recent awards:America’s Most Innovative Companies, Fortune, 2025World’s Most Admired Companies, Fortune 2025“Most Just Companies”, Just Capital and CNBC, 2025Pay Rate Range58.4 - 73 USD hourlyAdditional NotesApplications will be accepted on an ongoing basis.This posting is for a contract assignment with Tundra Technical Solutions to provide services to Bank of New York (BNY). Please note that this is not a full-time employment opportunity. Candidates selected for this role will be engaged as contractors for the specified duration of the project. For any inquiries regarding the terms of the contract or engagement, please contact Tundra Technical Solutions directly.Benefits InformationOptional benefits offering include medical, dental, vision and retirement benefits via Tundra Technical Solutions.