Overview:

Connecting clients to markets – and talent to opportunity
With 4,300 employees and over 400,000 retail and institutional clients from more than 80 offices spread across five continents, we’re a Fortune-100, Nasdaq-listed provider, connecting clients to the global markets – focusing on innovation, human connection, and providing world-class products and services to all types of investors.

Whether you want to forge a career connecting our retail clients to potential trading opportunities, or ingrain yourself in the world of institutional investing, The StoneX Group is made up of four segments that offer endless potential for progression and growth.

Business Segment Overview:

Corporate: Engage in a deep variety of business-critical activities that keep our company running efficiently. From strategic marketing and financial management to human resources and operational oversight, you’ll have the opportunity to optimize processes and implement game-changing policies.

Position Purpose:

The Application Security Engineer will collaborate closely with development, operations, and cloud infrastructure teams to implement robust security controls throughout StoneX’s cloud environments, containerized applications, and development pipelines. The role requires expertise in cloud security, DevSecOps, and container security, while maintaining strong general application security principles. You will be responsible for vulnerability identification, remediation, and educating developers on best security practices.

Technology Ecosystem:

• Front-End: Secure coding practices, input validation, secure APIs
• Back-End: Secure databases, encryption, runtime security
• Architect: Security architecture in cloud-native environments
• Cloud: AWS, Azure, GCP

Responsibilities:

Primary duties will include:

• Implement security controls throughout the Software Development Life Cycle (SDLC) for cloud-native and containerized applications.
• Integrate security tools into DevOps and CI/CD pipelines to automate security testing.
• Perform security assessments on cloud environments (AWS, Azure, GCP), containerized applications, and Kubernetes clusters.
• Identify and mitigate risks and vulnerabilities in cloud-native applications and containers.
• Educate development and DevOps teams on secure coding, cloud security best practices, and container security.
• Develop and maintain security policies and processes for cloud and container security.
• Monitor industry trends and evolving threat landscapes to recommend necessary controls.

This list of duties and responsibilities is not intended to be all-inclusive and can be expanded to include other duties or responsibilities as deemed necessary.

Qualifications:

To land this role you will need:

• 2+ years of experience in cloud security (AWS, Azure, GCP) and container security (Kubernetes, Docker).
• Expertise in DevSecOps and integrating security tools into CI/CD pipelines.
• Experience with container security and runtime security tools (e.g., NeuVector, Aqua Security, Twistlock, Sysdig).
• Strong collaboration skills, with the ability to work with cross-functional teams.
• Advanced communication skills for presenting technical subjects to non-technical audiences.

What makes you stand out:

• Hands-on development experience with object-oriented programming languages (e.g., C#, Java, Python).
• Deep knowledge of container orchestration security (Kubernetes) and cloud-native security controls.
• Familiarity with SAST/DAST tools for securing cloud and container environments.
• Expertise in runtime security, secure software architecture, and microservices security.

Education / Certification Requirements:

• Bachelor’s degree in Computer Science, Cybersecurity, or a related field.
• Certifications such as Certified Kubernetes Security Specialist (CKS) or AWS Certified Security - Specialty are preferred.

• #LI-Hybrid #LI-ND1