Associate Security Engineer – Application & Product Security
Company: VyStar Credit Union
Location: Jacksonville
Posted on: April 1, 2026
|
|
|
Job Description:
At VyStar, we offer competitive pay, an excellent benefit
package that includes a 401(k) Plan, an extensive paid technical
and on-the-job training program, and tuition reimbursementavailable
to all full and part time employees. Part time positions start at a
minimum of 30 hours per week. We encourage you to become a part of
VyStar Credit Union's family of employees. Associate Security
Engineer – Application & Product Security ACCOUNTABILITY STATEMENT
In support of the AVP, Application Product Security, the
Application & Product Security Engineer will perform various
functions, including the collaboration and assurance of building
processes for securing software applications and APIs, ability to
create and integrate security standards through assessments,
advisement, and coordinating with the AVP in consultative
engagements with various business units (directly and via their
technology delivery teams). Application Security focuses on
partnerships with multiple product teams to drive risk reduction
through a thoughtful, targeted, and collaborative model. This role
will help to support the AVP in communicating security to many
audiences, including business and technical leaders and individual
contributors, as well as others within the Information Security
Team. ESSENTIAL FUNCTIONS: Support Security Enablement via an Agile
Method: Support multiple concurrent security integration
initiatives with various business units for various development and
deployment projects in offset phases within an agile framework with
a dedicated staff of specialists through the requirements, design,
development, and operating phases. Support the AVP, Application and
Product Security in implementing a robust Customer Identity and
Access Management (CIAM) function to ensure security and privacy
aspects to registration, authentication, self-service,
personalization of experience and privacy of member data is secure
and meets required regulatory requirements. Specifically, Supports
scalability of platform to meet the needs of members based on
product or services enablement. Implement required authentication
and identity parameters (e.g., SSO, MFA, geo-location, etc.)
Implement attack protection for CIAM across enterprise
public-facing platforms through enablement of services such as Web
Application Firewall (WAF), DDoS, Bot protections ensuring robust
monitoring, alerting and actionable policies are in place to
protect against external threats. Support program strategy for API
security, mergers and acquisitions evaluations, and open-source
security. Support the AVP, Application and Product Security in the
implementation of secure engineering practices such as design &
code reviews, API security reviews, threat modeling, penetration
testing, continuous integration, and security focused
behavior-driven development. Specifically: Threat Modeling: Support
threat modeling for platform/applications/services that deliveries
core services to B2B and B2C customers. Secure Software
Development: Implement and support security services and practices
including static and dynamic scanning and code review, Penetration
testing, open and internal sourced component lifecycle management,
SDLC policies and standards. Support the design development, and
validation of secure code of systems, solutions and processes from
a security perspective and premise, hybrid and with multiple cloud
providers. Support secure code and API interface reviews with
internal and external product teams. Support application security
continuous improvement plan and drive execution by driving best
practices within teams with respect to security policies,
procedures, standards, and guidelines in line with industry leading
practices for on-prem, hybrid and cloud specific environments,
application and product development. Support secure development
through the CI/CD pipelines, toolchains, and operations on secure
code practices. Perform other duties and responsibilities as
assigned. Maintain and optimize existing APIs for Confidentiality,
Integrity, and Availability. Support secure API code reviews with
internal and external product teams. Support secure API development
through the CI/CD pipelines, toolchains, and operations on secure
code practices. All employees and business units, as first line of
defense, are expected to proactively help identify, assess, manage,
and report risks within their domain of work. To enhance a healthy
risk culture and support our growth for good pillar, employees will
maintain vigilance in safeguarding our operations while ensuring
compliance with regulatory mandates. The Risk team serves as the
second line of defense by providing risk oversight and credible
challenge whereas the Audit team serves as the third line of
defense by providing risk assurance. Incumbent is expected to
demonstrate each of the following VyStar Excellence behaviors in
performing the duties and responsibilities of their job: Focus -
Focus your full attention by carefully listening to and observing
client or member. Connect - Consistently be friendly and
approachable. Demonstrate your care. Understand - Listen
empathetically and ask questions (70%/30% rule). Counsel -
Recommend solutions based on your member’s needs and objectives.
Advance - Ensure that member’s expectations were exceeded. Verify
necessary follow-up actions. JOB QUALIFICATIONS EDUCATION High
School Diploma or GED required. Bachelor’s degree in Information
Security, Computer Science, Information Systems, or another related
field is preferred. CERTIFICATIONS Security and GSEC security
certifications are preferred. Career development plan to include
certifications upon hire. EXPERIENCE 0-2 years Information Security
experience. 0-2 years Application/Product Security experience. 0-2
years API Security analyst experience. KNOWLEDGE, SKILLS, &
ABILITIES Knowledge of security offerings within one or multiple
major cloud platforms (Microsoft Azure, Amazon Web Services (AWS),
Google Cloud Platform (GCP), etc.) preferred. Knowledge of
container and service-oriented security architecture for
cloud-based services preferred. Knowledge with a modern SDLC
including CI/CD pipelines, cloud architecture, API economies, and
container deployment preferred. Knowledge of enterprise
applications (support, and troubleshooting) preferred. Knowledge of
application security tools, functions, and services similar to
Snyk, Veracode, Netsparker, BurpSuite, Imperva, Radware, BugCrowd,
SD Elements, OPSWAT, Okta, ThreatMetrix, and Auth0 preferred.
Understanding of OWASP API Security Top 10 Demonstrated
self-starter with strong analytical skills. Ability to manage
multiple tasks simultaneously and meet established deadlines.
Ability to collaborate with business teams on technology &
security-related controls, tasks, and projects. Ability to work
productively while remote and communicate effectively in a virtual
team and on location hybrid work environment. Ability to work
within agile and waterfall project methodology. Ability to stay
current with new technology. Ability to support appropriate
Information Security and Technology standards to meet business
requirements. DISCLAIMERS AND WORK ENVIRONMENT Nothing in this
position description is an implied contract for employment. The
position description is intended to be an accurate account of the
essential functions. The functions are not all encompassing and are
subject to change at any time by management. The work environment
characteristics described are representative of those that an
employee encounters while performing the essential functions of
this job. Reasonable accommodations may be made to enable
individuals with disabilities to perform the essential functions.
As required or requested, may exert up to 20 pounds of force
occasionally and/or a negligible amount of force constantly to
lift, carry, push, pull or otherwise move objects. VyStar Credit
Union is not seeking outside assistance or accepting unsolicited
resumes from staffing agencies or search firms for employment or
contractor opportunities. Any resumes submitted by an outside
vendor to any employee at VyStar via e-mail, internet, or directly
to hiring managers without a valid written search agreement with
the Talent Acquisition / HR department will be deemed the sole
property of VyStar Credit Union. No placement fee will be paid if a
candidate is hired as a result of the referral, or through other
means. Thank you for your inquiry regarding our current job
opening. Your resume will be carefully reviewed against the
position requirements. Should your experience and skills match, you
will be contacted by one of our Human Resources department staff
members. Thank you again for your interest in this position! VyStar
Credit Union Human Resources
Keywords: VyStar Credit Union, Daytona Beach , Associate Security Engineer – Application & Product Security, IT / Software / Systems , Jacksonville, Florida
