#WeAreTradeStation
Remote Position - must reside in Florida, Texas, Illinois, New York, New Jersey, Colorado, Idaho, Massachusetts, Michigan, Minnesota, Missouri, North Carolina, South Carolina, Utah or Virginia
Who We Are:
TradeStation is the home of those born to trade. As an online brokerage firm and trading ecosystem, we are focused on delivering the ultimate trading experience for active traders and institutions. We continuously push the boundaries of what's possible, encourage out-of-the-box thinking, and relentlessly search for like-minded innovators.
At TradeStation, we are building an AI-First culture. We expect team members to embrace AI as a core part of their daily workflow, whether that’s using AI to accelerate development, enhance decision-making, improve client outcomes, or streamline internal processes. We hire, grow, and promote people who can harness AI responsibly and creatively. We treat AI as a partner in problem-solving, not just a tool, and we follow our governance standards to ensure AI is used ethically, securely, and transparently. If you join us, you’re joining a culture where AI is how we work.
Are you ready to make yourself at home?
What We Are Looking For:
We are looking for a Director of Application Security who will develop and manage TradeStation’s application security program.
What You’ll Be Doing:
Define and deliver secure development policies and standards
Advise Development, Engineering and other teams on all areas associated with security within applications such as secure coding practices, vulnerability identification and remediation, baseline control standards, etc.
Application security testing and remediation coordination, including static, dynamic, penetration testing, and more
Define and deliver application security metrics designed to communicate application security risk posture to executives and others
Develop and deliver secure development training designed to ensure that development team employees understand how to build applications securely. Track compliance with the training program and ensure that it delivers measurable risk-reducing results
Continuously communicate application risk posture to the technology management team, development teams, the CISO and others
Ensure all TradeStation applications maintain controls designed to adequately protect sensitive information such as personal and customer information
Serve as a trusted advisor to development managers and teams on all areas related to application security and best practices
Identify opportunities for improvement in application resiliency
Remain continuously up to date on the latest cyber security threats and countermeasures, applying and sharing that knowledge broadly
Lead application risk assessment initiatives to identify potential security risks and methods for improvement
Track identified application risk issues and provide regular status updates to the Security team and CISO
Collaborate closely with the CISO and his/her other direct reports to shape the overall security posture
Assist with other security related initiatives
The Skills You Bring:
Knowledge and experience with industry accepted secure application build practices such as OWASP, ISO, ITIL, and others
Solid understanding of deploying applications in a cloud environment securely (AWS, Azure, etc.), as well as “infrastructure as code”, containerized applications, etc.
Skills using static, dynamic, and other application security testing tools and third parties such as Burp Suite, Checkmarx, Black Duck, and others
Experience using web application firewall technologies
Strong ability to leverage artificial intelligence to enhance productivity, testing, etc., as well as protect against AI-based threats
Strong knowledge of encryption, authentication methods, and application and database management and entitlements
Understanding of risks associated with the use of open-source modules and code
Must have excellent verbal and written communication skills
Must be highly organized
Strong analytical and problem-solving skills
Must be able to multitask and prioritize work in a quickly changing business environment with continuously shifting priorities
Solid understanding of information security and risk management principles
Understanding project management practices and development workflows.
Must be knowledgeable in software development practices
Must have worked directly with application developers to identify, validate, triage, and remediate application security vulnerabilities
Knowledge and experience using IT and development processes and control frameworks such as OWASP, COBIT, ISO, ITIL, and others preferred
Minimum Qualifications:
At least 7 years of progressive information security work experience
At least 5 years working specifically with application security
Bachelor's degree in Information Technology, Computer Engineering, Accounting or related field of study; or any equivalent combination of relevant background, skills and experience
Ability to travel to company offices, including international offices, or other locations occasionally as needed for meetings, training, to perform work tasks, etc.
Desired Qualifications:
One or more of the following certifications strongly preferred:
CISSP (and/or other ISC2 certifications)
CISM, CISA, CRISC (and/or other ISACA certifications)
SANS GIAC certifications
CEH or other penetration testing certifications
PMP or other project management certifications
Other industry recognized certifications or accreditations
What We Offer:
Collaborative work environment
Competitive Salaries
Yearly bonus
Comprehensive benefits for you and your family starting Day 1
Unlimited Paid Time Off
Flexible working environment
TradeStation Account employee benefits, as well as full access to trading education materials
Pay Range (US) $180-210K (Countries outside of the US have differing ranges in accordance with local labor markets)
TradeStation provides equal employment opportunities to current and prospective employees, without regard to race, color, religion, sex, national origin, ancestry, sexual orientation, age, pregnancy, disability, handicap, citizenship, veteran or marital status, or any other legally recognized status entitled to protection under federal, state, or local anti-discrimination laws.