Who We Are:

TradeStation is the home of those born to trade. As an online brokerage firm and trading ecosystem, we are focused on delivering the ultimate trading experience for active traders and institutions. We continuously push the boundaries of what's possible, encourage out-of-the-box thinking, and relentlessly search for like-minded innovators.

At TradeStation, we are building an AI-First culture. We expect team members to embrace AI as a core part of their daily workflow, whether that’s using AI to accelerate development, enhance decision-making, improve client outcomes, or streamline internal processes. We hire, grow, and promote people who can harness AI responsibly and creatively. We treat AI as a partner in problem-solving, not just a tool; following our governance standards to ensure AI is used ethically, securely, and transparently. If you join us, you’re joining a culture where AI is how we work.

Are you ready to make yourself at home?

What We Are Looking For:

We are looking for a Director of Application Security who will develop and manage TradeStation’s application security program.

What You’ll Be Doing:

• Define and deliver secure development policies and standards
• Advise Development, Engineering and other teams on all areas associated with security within applications such as secure coding practices, vulnerability identification and remediation, baseline control standards, etc.
• Application security testing and remediation coordination, including static, dynamic, penetration testing, and more
• Define and deliver application security metrics designed to communicate application security risk posture to executives and others
• Develop and deliver secure development training designed to ensure that development team employees understand how to build applications securely. Track compliance with the training program and ensure that it delivers measurable risk reducing results
• Continuously communicate application risk posture to the technology management team, development teams, the CISO and others
• Ensure all TradeStation applications maintain controls designed to adequately protect sensitive information such as personal and customer information
• Serve as a trusted advisor to development managers and teams on all areas related to application security and best practices
• Identify opportunities for improvement in application resiliency
• Remain continuously up to date on the latest cyber security threats and countermeasures, applying and sharing that knowledge broadly
• Lead application risk assessment initiatives to identify potential security risks and methods for improvement
• Track identified application risk issues and provide regular status updates to the Security team and CISO
• Collaborate closely with the CISO and his/her other direct reports to shape the overall security posture
• Assist with other security related initiatives

The Skills You Bring:

• Knowledge and experience with industry accepted secure application build practices such as OWASP, ISO, ITIL, and others
• Solid understanding of deploying applications in a cloud environment securely (AWS, Azure, etc), as well as “infrastructure as code”, containerized applications, etc.
• Skills using static, dynamic, and other application security testing tools and third parties such as, BURP Suite, Checkmarx, Black Duck, and others
• Experience using web application firewall technologies
• Strong ability to leverage artificial intelligence to enhance productivity, testing, etc, as well as protect against AI-based threats
• Strong knowledge of encryption, authentication methods, and application and database management and entitlements
• Understanding of risks associated with the use of open-source modules and code
• Must have excellent verbal and written communication skills
• Must be highly organized
• Strong analytical and problem-solving skills
• Must be able to multitask and prioritize work in a quickly changing business environment with continuously shifting priorities
• Solid understanding of information security and risk management principles
• Understanding project management practices and development workflows.
• Must be knowledgeable in software development practices
• Must have worked directly with application developers to identify, validate, triage, and remediate application security vulnerabilities
• Knowledge and experience using IT and development processes and control frameworks such as OWASP, COBIT, ISO, ITIL, and others preferred

Minimum Qualifications:

• At least 7 years of progressive information security work experience
• At least 5 years working specifically with application security
• Bachelor's degree in Information Technology, Computer Engineering, Accounting or related field of study; or any equivalent combination of relevant background, skills and experience
• Ability to travel to company offices, including international offices, or other locations occasionally as needed for meetings, training, to perform work tasks, etc.

Desired Qualifications:

• One or more of the following certifications strongly preferred:
  • CISSP (and/or other ISC2 certifications)
  • CISM, CISA, CRISC (and/or other ISACA certifications
  • SANS GIAC certifications
  • CEH or other penetration testing certifications
  • PMP or other project management certifications
  • Other industry recognized certifications or accreditations

What We Offer:

• Collaborative work environment
• Competitive Salaries
• Yearly bonus
• Comprehensive benefits for you and your family starting Day 1
• Unlimited Paid Time Off
• Flexible working environment
• TradeStation Account employee benefits, as well as full access to trading education materials
• Pay Range (US) $180-210K (Countries outside of the US have differing ranges in accordance with local labor markets)

TradeStation provides equal employment opportunities to current and prospective employees, without regard to race, color, religion, sex, national origin, ancestry, sexual orientation, age, pregnancy, disability, handicap, citizenship, veteran or marital status, or any other legally recognized status entitled to protection under federal, state, or local anti-discrimination laws.