At Broadridge, we've built a culture where the highest goal is to empower others to accomplish more. If you're passionate about developing your career, while helping others along the way, come join the Broadridge team.
Key Responsibilities
- Perform regular application security assessments using automated and manual techniques, including SAST, DAST, SCA, and other relevant testing methodologies.
- Identify, validate, and document security vulnerabilities with clear technical details, business impact, and proof-of-concept evidence where applicable.
- Assess and prioritize vulnerabilities based on risk, exploitability, business impact, and alignment with Broadridge security standards.
- Partner with application development, DevOps, cloud engineering, and infrastructure teams to recommend and drive effective remediation strategies.
- Integrate and operationalize security controls and testing tools within CI/CD pipelines to enable early detection and prevention of vulnerabilities.
- Support and enhance DevSecOps practices by maintaining and improving security tooling within the software development lifecycle.
- Review application and cloud environments for security gaps related to authentication, authorization, secrets management, logging, monitoring, encryption, and network segmentation.
- Assess and strengthen the cloud vulnerability management program for cloud environments and cloud-native services.
- Identify opportunities for automation in security testing, validation, reporting, and vulnerability management processes.
- Collaborate with Information Security Officers, developers, infrastructure teams, and other subject matter experts during assessments and remediation efforts.
- Support vulnerability triage, risk analysis, exception handling, and tracking of remediation activities through closure.
- Contribute to the development and adoption of secure coding practices, security standards, and developer awareness initiatives.
- Work effectively within Agile and fast-paced engineering environments.
Skill Requirements
- Bachelor's degree or higher in Computer Science, Computer Engineering, Information Security, or a related technical discipline.
- Minimum 5 years of hands-on experience in Application Security, with at least 2 years of experience in DevSecOps or secure CI/CD implementations.
- Strong experience with application security, including deep understanding of common vulnerabilities, attack techniques, and secure coding practices.
- Hands-on experience with SAST, DAST, SCA, vulnerability assessment, and remediation validation.
- Strong understanding of OWASP guidance and frameworks, including OWASP Top 10, API Security, Mobile Security, CI/CD Security, and emerging considerations for LLM/Application AI security.
- Working knowledge of cloud security principles and Vulnerability Management, particularly in AWS and/or Azure environments.
- Hands-on experience with AWS security tools, services, and processes, including identity and access management, logging/monitoring, configuration review, and security best practices.
- Familiarity with CI/CD platforms such as Jenkins, GitLab CI, or similar, and experience integrating security tools into pipeline workflows.
- Strong understanding of security policies, standards, compliance, and risk management practices.
- Proficiency in at least one object-oriented programming language, with the ability to review code and understand application logic.
- Strong analytical, research, and problem-solving skills, with the ability to identify control gaps and security weaknesses.
- Demonstrated commitment to staying current with evolving threats, vulnerabilities, and security technologies.
- Familiarity with secrets management, cloud posture management, API security testing, and software supply chain security.
- Practical exposure to security testing or controls for modern architectures, including microservices, containers, serverless, and APIs.
Soft Skills
- Excellent verbal and written communication skills, with the ability to explain complex security concepts clearly to technical and non-technical audiences.
- Strong collaboration and stakeholder management skills, with the ability to build consensus across development, operations, and business teams.
- Ability to manage multiple priorities and work effectively in a dynamic environment.
- Strong attention to detail and a disciplined approach to analysis and documentation.
- Self-motivated, adaptable, and committed to continuous learning.
Good to Have
- Experience with cloud security posture assessments and container security scanning tools.
- Exposure to secure SDLC programs in large enterprise environments.
- Experience with developer enablement, secure coding guidance, or security champion programs.
- Familiarity with emerging areas such as AI/LLM application security.
- Experience with infrastructure vulnerability scanning, scan result analysis, and vulnerability triage.
- Experience supporting remediation in hybrid or multi-cloud environments.
- Industry certifications such as CISSP, CISM, CEH, OSCP, CCSK, CCSP, or relevant cloud security certifications are a plus.
- Active participation in security communities, forums, research groups, or industry events.
We are dedicated to fostering a collaborative, engaging, and inclusive environment and are committed to providing a workplace that empowers associates to be authentic and bring their best to work. We believe that associates do their best when they feel safe, understood, and valued, and we work diligently and collaboratively to ensure Broadridge is a company, and ultimately a community, that recognizes and celebrates everyone's unique perspective.
Use of AI in Hiring
As part of the recruiting process, Broadridge may use technology, including artificial intelligence (AI)-based tools, to help review and evaluate applications. These tools are used only to support our recruiters and hiring managers, and all employment decisions include human review to ensure fairness, accuracy, and compliance with applicable laws. Please note that honesty and transparency are critical to our hiring process. Any attempt to falsify, misrepresent, or disguise information in an application, resume, assessment, or interview will result in disqualification from consideration.