BNY

Vice President, Information Security full Stack Engineer

New York, NY / Pittsburgh, PA
Posted 2 weeks ago
$83,000 - $178,000 per year

At a Glance

10+ years experience, Python, Java, Kubernetes, Docker, OWASP

About This Role

At BNY, our culture allows us to run our company better and enables employees' growth and success. As a leading global financial services company at the heart of the global financial system, we influence nearly 20% of the world's investible assets. Every day, our teams harness cutting-edge AI and breakthrough technologies to collaborate with clients, driving transformative solutions that redefine industries and uplift communities worldwide. Recognized as a top destination for innovators and champions of inclusion, BNY is where bold ideas meet advanced technology and exceptional talent. Together, we power the future of finance – and this is what #LifeAtBNY is all about. Join us and be part of something extraordinary.

We're seeking a future team member for the role of Vice President, Information Security full Stack Engineer to join our Cyber Technology team. Our Cyber Technology team builds and enhances secure applications that protect our enterprise IT environment. You'll develop internal platforms and tools used by cybersecurity teams to improve visibility, automate workflows, and strengthen controls across identity, endpoints, and network defenses. This role blends hands-on product delivery with secure engineering practices in a regulated financial services environment, with an emphasis on modern developer productivity and responsible use of AI-assisted tooling.

Responsibilities

  • Build and maintain full-stack web applications and services using modern engineering patterns
  • Design and consume REST and gRPC APIs with an emphasis on reliability, security, and maintainability
  • Apply secure coding standards (e.g., input validation, authentication/authorization, dependency hygiene, secrets handling)
  • Support vulnerability remediation efforts by addressing findings from scanning tools and security reviews
  • Create dashboards and reporting experiences that provide actionable insights (e.g., control health, risk posture, remediation progress)
  • Automate recurring operational processes to improve efficiency, reduce human error, and increase auditability
  • Collaborate with IAM, network security, endpoint, and governance teams to align applications with security strategy and controls
  • Participate in security assessments and contribute to compliance efforts aligned with organizational standards
  • Independently diagnose and resolve issues across the stack (frontend, backend, CI/CD, environments)
  • Contribute to documentation, runbooks, and operational best practices as needed
  • Apply DevOps/CI/CD and SDLC best practices including code reviews, testing, and release pipelines
  • Leverage modern AI-assisted development tools to improve code quality, velocity, and maintainability where appropriate

Requirements

Java, Python, OWASP, Docker, Kubernetes
  • Bachelor's degree in Computer Science, Engineering, or a related field, or equivalent work experience
  • 6 to 10 years of experience in software engineering with hands-on delivery
  • Deep understanding of a programming language such as C#, Java, or Python (or similar), and experience delivering solutions in it via production services
  • Experience developing APIs and integrations (REST/gRPC), including testing and basic observability (logs/metrics)
  • Hands-on experience with React or Angular (SwiftUI experience is a plus)
  • Familiarity with vulnerability management concepts and secure SDLC practices
  • Awareness of common application security risks (e.g., OWASP Top 10) and how to mitigate them
  • Practical understanding of core networking protocols and enterprise environments (e.g., TCP/UDP, SNMP, firewalls, proxies)
  • Working knowledge of Windows and Linux administration fundamentals
  • Experience using Python scripting to automate workflows and integrate systems/tools
  • Familiarity with IAM concepts (SSO, MFA, RBAC, OAuth/OIDC) and general Zero Trust principles
  • Strong problem-solving and communication skills; able to deliver independently while collaborating in a team
  • Experience building dashboards and reporting (security KPIs, trend reporting, operational metrics)
  • Familiarity with cloud platforms and containerization (Docker/Kubernetes) and secure deployment practices
  • Experience building client-server applications for macOS and Windows
  • Experience using AI-assisted development tools (e.g., Windsurf, Cursor, or similar) to accelerate development, refactoring, testing, or code comprehension in a secure and responsible manner

Benefits & Perks

Highly competitive compensation
Benefits and wellbeing programs
Pay-for-performance philosophy
Access to flexible global resources and tools
Health and personal resilience support
Financial goals assistance
Generous paid leaves
Paid volunteer time

About BNY

BNY Mellon, officially known as The Bank of New York Mellon Corporation, is a global financial services company founded in 1784. Headquartered in New York City, it is the world's largest custodian bank and securities services provider, managing over $55 trillion in assets for clients around the globe. The company has a rich history, having played a significant role in financing key U.S. infrastructure projects and pioneering innovations in financial technology. BNY Mellon specializes in institutional financial services, focusing on securities services and custody, asset management, investment services, and capital markets. Its technology-driven platforms enhance efficiency and support real-time payments, catering to a diverse range of clients, including Fortune 100 companies and leading investment managers. The company is committed to fostering long-term relationships and driving growth and resilience in the financial ecosystem.

Industry

financial services

Employees

51,000

4848 engineers

Revenue

$40B

Security at BNY

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

Security Philosophy

  • BNY's AppSec mission is to "defend future global capital markets through cyber resiliency." The team emphasizes developer enablement through the provision of reusable templates, libraries, and reference implementations.
  • Application Security strives to reduce risk by improving the security profile of high-risk applications, with a focus on embedding security controls across the SDLC, CI/CD, and MLOps pipelines.

Security Team

The AppSec team at BNY operates with limited public visibility regarding organizational structure and reporting lines. As of, there is 1 active AppSec job posting. The team focuses on SAST, DAST, IAST, dependency and SBOM governance. No public org chart or explicit reporting line to CISO/CTO has been found.

Key Initiatives

  • The team is focused on shifting left by embedding security controls across the SDLC, CI/CD, and MLOps pipelines.
  • Vulnerability Management is defined and operated to identify, quantify, classify, prioritize, and address vulnerabilities.
  • A formalized secure SDLC program is integrated with each phase of the development life cycle.
  • Recent initiatives include the integration of security controls into MLOps pipelines.
