AppSec Jobs
← Back to all jobs

BNY

Corporate Security Engineering – Lead Engineer Role

New York, NYWebsite

Full details on LinkedIn

The complete job description, requirements, and application details are available on the original posting.

About BNY

BNY Mellon, officially known as The Bank of New York Mellon Corporation, is a global financial services company founded in 1784. Headquartered in New York City, it is the world's largest custodian bank and securities services provider, managing over $55 trillion in assets for clients around the globe. The company has a rich history, having played a significant role in financing key U.S. infrastructure projects and pioneering innovations in financial technology. BNY Mellon specializes in institutional financial services, focusing on securities services and custody, asset management, investment services, and capital markets. Its technology-driven platforms enhance efficiency and support real-time payments, catering to a diverse range of clients, including Fortune 100 companies and leading investment managers. The company is committed to fostering long-term relationships and driving growth and resilience in the financial ecosystem.

Industry

financial services

Employees

51,000

4848 engineers

Revenue

$40B

Website

Visit →

Security at BNY

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

  • BNY's AppSec mission is to "defend future global capital markets through cyber resiliency." The team emphasizes developer enablement through the provision of reusable templates, libraries, and reference implementations.
  • Application Security strives to reduce risk by improving the security profile of high-risk applications, with a focus on embedding security controls across the SDLC, CI/CD, and MLOps pipelines.

Security Team

The AppSec team at BNY operates with limited public visibility regarding organizational structure and reporting lines. As of, there is 1 active AppSec job posting. The team focuses on SAST, DAST, IAST, dependency and SBOM governance. No public org chart or explicit reporting line to CISO/CTO has been found.

Key Initiatives

  • The team is focused on shifting left by embedding security controls across the SDLC, CI/CD, and MLOps pipelines.
  • Vulnerability Management is defined and operated to identify, quantify, classify, prioritize, and address vulnerabilities.
  • A formalized secure SDLC program is integrated with each phase of the development life cycle.
  • Recent initiatives include the integration of security controls into MLOps pipelines.

Preparing for an AppSec interview?

Get the weekly briefing 2,000+ security pros trust.