Hybrid Application Security Engineer bei Bessemer Trust

Description

We are looking for an Application Security Engineer to join our growing Information Security team. In this role, you’ll collaborate with development, DevOps, and security teams to help build secure software at every stage of the SDLC. Your work will directly contribute to the protection of sensitive data, systems, and client trust across our digital landscape.

Job Duties

Partner with application delivery and DevOps teams to embed security into the SDLC and perform or facilitate the following functions:

• Conduct secure code reviews and perform SAST, DAST, and manual security assessments.
• Perform threat modeling and risk analysis for new and existing application architectures.
• Define, implement, and automate application security testing in CI/CD pipelines.
• Deploy and manage tools such as Snyk, Veracode, OWASP ZAP, Burp Suite, and Checkmarx.
• Provide actionable remediation guidance to developers and promote secure coding best practices.
• Deliver targeted security training sessions for development and engineering teams.
• Assist with incident response for application-related security events, including root cause analysis and follow-up improvements.
• Monitor and ensure adherence to industry frameworks and standards (e.g., OWASP, NIST, PCI-DSS).
• Define and maintain secure development policies and reference architectures.
• Stay ahead of emerging threats, zero-day vulnerabilities, and innovative security solutions.
• Research and recommend new tools and practices to strengthen our application security posture.

Qualifications

Education:

• Bachelor’s degree in computer science, Information Security, or a related field (or equivalent experience).

Experience:

• 3-5 years of experience in application security, software development, or DevSecOps roles.
• Hands-on experience with application security tools (e.g., Snyk, Veracode, OWASP ZAP, Burp Suite, Checkmarx)

Technical Skills:

• Strong knowledge of web and mobile app vulnerabilities (e.g., OWASP Top Ten, CWE).
• Experience with at least one programming/scripting language (Python, Java, JavaScript, etc.).
• Proficiency in integrating security into CI/CD pipelines and DevOps workflows.

Certifications (Preferred, not mandatory):

• GIAC GWAPT, GIAC GWEB, CSSLP, CEH, or similar.

Soft Skills:

• Strong analytical and problem-solving skills.
• Excellent verbal and written communication skills.
• Ability to explain technical risks to non-technical stakeholders.

What We Offer

• A collaborative, security-first culture
• Opportunities to lead security initiatives and influence engineering practices
• Competitive compensation and benefits
• Ongoing professional development and certification support

The base salary range for this position is ($95,000.00 - $135,000.00). Actual salaries will vary and will be based on various factors, such as skills, experience, and qualification for the role. It is not typical for offers to be made at or near the top of the range. In addition, this position may be eligible for a discretionary incentive based on individual and company performance.

About Bessemer Trust

Bessemer Trust is a family office, overseeing more than $200 billion in assets for over 3,100 individuals and families of substantial wealth. Its more than 1,200 employees are singularly focused on private wealth management — disciplined investment management, sophisticated wealth planning, comprehensive family office services, and highly personalized client service.

Established in 1907 as the family office for Annie and Henry Phipps, Bessemer Trust is in its seventh generation of ownership by the Phipps family. As a self-made entrepreneur, Henry Phipps was a founding partner and chief financial officer of Carnegie Steel.

Bessemer Trust retains its original focus as a privately owned and independent wealth manager deeply committed to its mission of providing peace of mind to its clients. Bessemer’s adherence to putting clients’ interests first, fiduciary mindset, and highly collaborative culture are at the heart of everything the firm does.

Key Facts:

• For 118 years, Bessemer Trust has operated continuously in a single line of business, independently owned by one family.
• Headquartered in New York’s Rockefeller Center, Bessemer Trust has 22 offices in total. Woodbridge, NJ, is one of the firm’s largest offices, which hosts a wide range of technology and operations professionals. In addition to its sizable presence in New York and Woodbridge, the firm provides client service through offices in Atlanta, Boston, Chicago, Dallas, Delaware, Denver, Garden City, Grand Cayman, Greenwich, Houston, Los Angeles, Miami, Naples, Nevada, Palm Beach, San Diego, San Francisco, Seattle, Stuart, and Washington, D.C.
• To watch a video about Bessemer Trust’s history, click here.
• To learn more about Bessemer Trust, click here.

About Our Employee Rewards and Benefits:

We provide exceptional rewards and benefits that are among the best in the industry, giving our people access to a wide range of options, including:

• Competitive base salary plus discretionary annual bonus for select positions
• A 401(k) plan with a generous annual profit-sharing contribution
• Personalized development and career opportunities, including tuition reimbursement support
• Comprehensive medical, dental, and vision plans with zero contributions for employee coverage
• Employee assistance (EAP) and wellness programs
• Hybrid work environment: 60% in office, 40% remote for most positions
• Paid time off and paid parental leave
• Employer-paid life insurance and short- and long-term disability coverage
• Legal services and financial wellness plans at no cost to employees

 Bessemer Trust is committed to creating a diverse and inclusive environment and is proud to be an equal opportunity employer. We encourage candidates of diverse backgrounds to apply.