Senior Security Engineer AppSec

eastwestbank· Information Technology
Apply Now ↗
📍 Dallas, TX, US📍 San Marino, CA, USFULL TIME

About this role

Introduction

Since 1973, East West Bank has served as a pathway to success. With over 110 locations across the U.S. and Asia, we are the premier financial bridge between the East and West. Our teams of experienced, multi-cultural professionals help guide businesses and community members on both sides of the Pacific looking to explore new markets and create new opportunities, and our sustained growth and expertise in industries like real estate, entertainment and media, private equity and venture capital, and high-tech help build sustainable businesses and expand our associates’ potential for career advancement. 

 

Headquartered in California, East West Bank (Nasdaq: EWBC) is a top-performing commercial bank with a strong foundation, an enterprising spirit and a commitment to absolute integrity. East West Bank gives people the confidence to reach further.

Overview

The Senior Cyber Security Engineer will lead and execute security initiatives across the application lifecycle, integrating security into DevOps pipelines, managing vulnerability assessments, and coordinating penetration testing efforts. This role ensures that applications are secure by design and resilient against evolving threats.

Responsibilities

Application Security & DevSecOps Integration

  • Embed security controls into CI/CD pipelines using GitHub workflows and automation tools.
  • Collaborate with development teams to implement secure coding practices and threat modeling during design and development phases.
  • Manage GitHub Advanced Security configurations, including secret scanning, push protection, and impact analysis.

Security Testing & Vulnerability Management

  • Conduct Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) using approved tools (e.g., CodeQL, Dependabot, OWASP ZAP).
  • Perform manual and automated code reviews to identify vulnerabilities and ensure remediation through code fixes or configuration changes.
  • Maintain accurate mapping of applications to GitHub repositories to support vulnerability tracking and reporting.

API & Web Application Security

  • Perform regular API security assessments and integrate monitoring tools like Data Theorem for endpoint protection
  • Implement and manage Web Application Firewall (WAF) policies and monitor logs for threat detection

Penetration Testing Coordination

  • Scope and schedule internal and third-party penetration tests for internet-facing and extranet applications
  • Validate findings, coordinate remediation with development teams, and track progress in ServiceNow and Jira

Metrics, Reporting & Compliance

  • Generate and present vulnerability metrics to senior leadership, highlighting risk posture and remediation progress
  • Ensure compliance with internal standards and regulatory requirements (e.g., GLBA, SOX, SOC2)

Training & Enablement

  • Deliver targeted training sessions based on impact analysis and vulnerability trends to improve developer awareness
  • Lead bi-weekly AppSec Management Update & Post-Finding Review Training meetings
  • May perform other duties as assigned

Qualifications

  • 3+ years of experience in application security, DevSecOps, or related fields.
  • Proficiency in GitHub, SAST/DAST tools, WAF technologies, and API security frameworks.
  • Strong understanding of secure SDLC, threat modeling (e.g., STRIDE), and vulnerability management.
  • Experience coordinating penetration tests and managing third-party vendors.
  • Excellent communication and stakeholder engagement skills.

 

Applicants must have legal authorization to work in the United States.  We do not offer visa sponsorship at this time.  

Compensation

The base pay range for this position is USD $130,000.00/Yr. - USD $220,000.00/Yr. Exact offers will be determined based on job-related knowledge, skills, experience, and location.

Frequently Asked Questions

Is the salary disclosed for the Senior Security Engineer AppSec position at eastwestbank?
The salary for this Senior Security Engineer AppSec role at eastwestbank is not publicly listed. Click "Apply Now" to learn more about the compensation package on their official careers page.
Where is the Senior Security Engineer AppSec position at eastwestbank located?
This Senior Security Engineer AppSec role at eastwestbank is based in Dallas, TX, US, San Marino, CA, US. The position is listed as on-site or hybrid. Check the full job description or apply directly to confirm the work arrangement.
Is the Senior Security Engineer AppSec role at eastwestbank full-time or part-time?
This is listed as a FULL TIME position. It is posted as a Senior Security Engineer AppSec role in the Information Technology department at eastwestbank.
Which team or department does the Senior Security Engineer AppSec at eastwestbank belong to?
This Senior Security Engineer AppSec position is part of the Information Technology department at eastwestbank. See the full job description for more information about the team structure and responsibilities.
How do I apply for the Senior Security Engineer AppSec position at eastwestbank?
Click the "Apply Now" button on this page. You will be redirected to eastwestbank's official application portal hosted on icims where you can submit your application directly.
When was the Senior Security Engineer AppSec job at eastwestbank posted?
This Senior Security Engineer AppSec position at eastwestbank was posted on Jun 10, 2024. Apply as soon as possible — early applications are often reviewed first.
Senior Security Engineer AppSec
eastwestbank
Apply for this role ↗

You'll be redirected to eastwestbank's official application page on icims.