Director, Application Security jobs in United States

TradeStation · 11 hours ago

Director, Application Security

TradeStation is an online brokerage firm focused on delivering an exceptional trading experience for active traders and institutions. They are seeking a Director of Application Security to develop and manage their application security program, ensuring secure coding practices and application resilience while continuously communicating security risks to the management team.

Financial Services
H1B Sponsor Likely

Responsibilities

Define and deliver secure development policies and standards
Advise Development, Engineering and other teams on all areas associated with security within applications such as secure coding practices, vulnerability identification and remediation, baseline control standards, etc
Application security testing and remediation coordination, including static, dynamic, penetration testing, and more
Define and deliver application security metrics designed to communicate application security risk posture to executives and others
Develop and deliver secure development training designed to ensure that development team employees understand how to build applications securely. Track compliance with the training program and ensure that it delivers measurable risk reducing results
Continuously communicate application risk posture to the technology management team, development teams, the CISO and others
Ensure all TradeStation applications maintain controls designed to adequately protect sensitive information such as personal and customer information
Serve as a trusted advisor to development managers and teams on all areas related to application security and best practices
Identify opportunities for improvement in application resiliency
Remain continuously up to date on the latest cyber security threats and countermeasures, applying and sharing that knowledge broadly
Lead application risk assessment initiatives to identify potential security risks and methods for improvement
Track identified application risk issues and provide regular status updates to the Security team and CISO
Collaborate closely with the CISO and his/her other direct reports to shape the overall security posture
Assist with other security related initiatives

Qualifications

Application Security, Secure Coding Practices, Cloud Security AWS, Cloud Security Azure, Application Security Testing Tools, Risk Management Principles, AI in Security, Encryption, Authentication, Open Source Risk Understanding, Analytical Skills, Software Development Practices, Communication Skills, Project Management Practices

Required

Knowledge and experience with industry accepted secure application build practices such as OWASP, ISO, ITIL, and others
Solid understanding of deploying applications in a cloud environment securely (AWS, Azure, etc), as well as 'infrastructure as code', containerized applications, etc
Skills using static, dynamic, and other application security testing tools and third parties such as Burp Suite, Checkmarx, Black Duck, and others
Experience using web application firewall technologies
Strong ability to leverage artificial intelligence to enhance productivity, testing, etc, as well as protect against AI-based threats
Strong knowledge of encryption, authentication methods, and application and database management and entitlements
Understanding of risks associated with the use of open-source modules and code
Must have excellent verbal and written communication skills
Must be highly organized
Strong analytical and problem-solving skills
Must be able to multitask and prioritize work in a quickly changing business environment with continuously shifting priorities
Solid understanding of information security and risk management principles
Understanding project management practices and development workflows
Must be knowledgeable in software development practices
Must have worked directly with application developers to identify, validate, triage, and remediate application security vulnerabilities
At least 7 years of progressive information security work experience
At least 5 years working specifically with application security
Bachelor's degree in Information Technology, Computer Engineering, Accounting or related field of study; or any equivalent combination of relevant background, skills and experience
Ability to travel to company offices, including international offices, or other locations occasionally as needed for meetings, training, to perform work tasks, etc

Preferred

Knowledge and experience using IT and development processes and control frameworks such as OWASP, COBIT, ISO, ITIL, and others preferred
One or more of the following certifications strongly preferred: CISSP (and/or other ISC2 certifications), CISM, CISA, CRISC (and/or other ISACA certifications), SANS GIAC certifications, CEH or other penetration testing certifications, PMP or other project management certifications, Other industry recognized certifications or accreditations

Benefits

Collaborative work environment
Competitive Salaries
Yearly bonus
Comprehensive benefits for you and your family starting Day 1
Unlimited Paid Time Off
Flexible working environment
TradeStation Account employee benefits, as well as full access to trading education materials

Company

TradeStation

Welcome to the home of those who were born to trade! We empower natural-born traders to hone their strategies with an advanced platform & brokerage services.

H1B Sponsorship

TradeStation has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship (chart)
Trends of Total Sponsorships: 2025 (1), 2022 (1), 2020 (1)

Funding

Current Stage
Late Stage

Leadership Team

John Bartleman
Chief Executive Officer, TradeStation Crypto, Inc.
Michael Fisch
Chief Technology Officer
Company data provided by crunchbase