Senior Member Technical

At Broadridge, we've built a culture where the highest goal is to empower others to accomplish more. If you're passionate about developing your career, while helping others along the way, come join the Broadridge team.

Key Responsibilities

• Perform regular application security assessments using automated and manual techniques, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA).
• Perform infrastructure security assessments across servers, operating systems, databases, cloud resources, containers, Kubernetes platforms, and network-connected assets.
• Conduct and support vulnerability scanning, analysis, validation, triage, and prioritization of infrastructure security findings.
• Collaborate with development teams to integrate security testing and controls into the SDLC and CI/CD pipelines.
• Promote and support adoption of DevSecOps practices to identify and address vulnerabilities early in the development lifecycle.
• Review system configurations and security controls to identify gaps related to patching, hardening, access control, encryption, logging, monitoring, and network security.
• Assess security risks across on-premises, hybrid, and cloud-based environments.
• Assess and prioritize vulnerabilities based on exploitability, business impact, risk rating, and internal security standards.
• Track remediation progress and work with stakeholders to ensure timely closure of identified issues.
• Collaborate with application teams, infrastructure teams, Information Security Officers, and other subject matter experts during assessments and remediation efforts.
• Identify opportunities to improve or automate security testing, vulnerability management, and reporting processes.
• Support security governance activities by aligning findings and recommendations with internal security policies, standards, and compliance requirements.
• Operate effectively in an Agile and fast-paced technology environment.

• Bachelor's degree or higher in Computer Science, Information Security, Computer Engineering, or a related technical discipline.
• Minimum 5 years of hands-on experience in Application Security, Infrastructure Security, or a combined security engineering/assessment role.
• Strong hands-on experience with application security testing tools and methodologies, including SAST, DAST, and SCA.
• Experience conducting infrastructure vulnerability assessments, scan analysis, vulnerability triage, and remediation validation.
• Strong understanding of web application security, secure coding practices, and common vulnerabilities affecting web applications and APIs.
• Knowledge of OWASP guidance and frameworks, including web and API security best practices.
• Understanding of operating system hardening, network security basics, identity and access management, patch management, and configuration security.
• Familiarity with CI/CD tools such as Jenkins, GitLab CI, or similar, and experience integrating security checks into pipeline workflows.
• Working knowledge of security standards, policies, audit requirements, and compliance considerations.
• Proficiency in at least one programming or scripting language such as Python, Java, C#, JavaScript, Ruby, Perl, or similar.
• Strong analytical and problem-solving skills with the ability to assess and communicate technical risk effectively.
• Experience with DevSecOps implementations and securing CI/CD pipelines.
• Experience in container image scanning, runtime security, and Kubernetes workload protection.
• Knowledge of vulnerability management platforms and ticketing workflows for remediation tracking.
• Experience with enterprise-scale vulnerability management programs.
• Exposure to security controls for modern architectures such as microservices, serverless, and cloud-native platforms.
• Demonstrated commitment to staying updated on emerging threats, attack techniques, and security technologies.

• Excellent verbal and written communication skills, with the ability to explain complex security concepts clearly to technical and non-technical audiences.
• Strong collaboration and stakeholder management skills; ability to build consensus across development, operations, and business teams.
• Ability to manage multiple priorities and work effectively in a dynamic environment.
• Strong attention to detail and a disciplined approach to analysis and documentation.
• Self-motivated, adaptable, and committed to continuous learning.

• Experience with cloud security posture assessments and container security scanning tools.
• Exposure to secure SDLC programs in large enterprise environments.
• Experience with developer enablement, secure coding guidance, or security champion programs.
• Familiarity with emerging areas such as AI/LLM application security.
• Experience supporting remediation in hybrid or multi-cloud environments.
• Industry certifications such as CISSP, CISM, CEH, OSCP, CCSK, CCSP, or relevant cloud security certifications are a plus.
• Active participation in security communities, forums, research groups, or industry events.
• Familiarity with SIEM, logging, monitoring, or detection engineering concepts.