Fifth Third Bank Lead Application Security Engineer. in CINCINNATI, Ohio


Fifth Third Bank is one of the top-performing banks in the country, with a heritage that spans more than 150 years. We've staked our claim on looking at things differently to making banking a Fifth Third Better. This applies to our relationships with customers and employees alike.

We employ about 18,000 people, and what we offer is:

# A chance for employees to build their future, with supportive career development and financial wellness programs.

# An environment where we win together. We celebrate achievement and work collaboratively. We're also a three-time Gallup Great Workplace honoree.

# An invitation to impact lives in a positive and lasting way. Everything we do is geared toward improving lives. That's fun and exciting.

It comes down to the fact that Fifth Third is a warm and caring place to with which to grow # as a customer or as a team member.

Information Technology's vision is to be recognized as an industry-leading services company by efficiently delivering solutions and services our customers can rely on. We strive to create a business-focused team that drives significant value for the Company while building customer-centric service delivery models through the integration of technologies, data, and processes. Our customers' trust is earned through the effective delivery of resilient, secure products and services while balancing business needs with industry and regulatory requirements.

Fifth Third Information Technology is comprised of several areas including: Commercial IT, Consumer IT, Payments IT, Infrastructure IT, Enterprise and Corporate Applications as well as IT Security and Risk.


The Lead Application Security Engineer will be responsible for managing the process, procedures and tooling of the application vulnerability management program. This is a hands-on role and requires an application security professional who has asolidbackground in application development and current coding experience, combined with an understanding of Information Security and Secure Coding / Secure Software Development principles. Responsible and accountable for risk by openly exchanging ideasandopinions, elevating concerns, and personally following policies and procedures as defined. Accountable for always doing the right thing for customers and colleagues, and ensures that actions and behaviors drive a positive customer experience.Whileoperating within the Bank's risk appetite, achieves results by consistently identifying, assessing, managing, monitoring, and reporting risks of all types.




. Assists with the development of the application vulnerability management program.

. Providing strong leadership and cross-functional / stakeholder communications

. Maintaining and iterating documentation related to the application vulnerability management program including the development of, or updates to, new or currently established policies and standards that detail the requirements for managingapplicationvulnerabilities at Fifth Third.

. Assists with the tracking and management of application vulnerabilities one detected through tool assisted, manual, or third party performed security testing.

. Assist with the construction of vulnerability metrics (KRI/KPI), and the reporting of those metrics to help the organization understand the state of risk associated with outstanding vulnerabilities.

. Management and planning of Fifth Third's annual external application penetration testing activities.

. Assist with the execution and results management of Fifth Thirds quarterly perimeter penetration testing activities.

. Assist with the review and selection of tools to manage application vulnerabilities and integration within the SDLC for defect tracking assigned to developers.

. Assist with the retesting efforts associated with vulnerability remediation.

. Evaluating new security trends and technologies.

. Making recommendations to strengthen the information security environment.

. Participating as a subject matter expert in the incident response program.

. Other duties as assigned.


. Bachelor's degree in related discipline with 5 or more years of experience.

. Experience working within a secure SDLC environment

. Experience with application assessments (SAST and DAST)

. Excellent communications skills as well as the ability to build effective relationships with business leaders and stakeholders.

. Strong collaboration, communication, problem solving, conceptual and analytical skills.

. Experience with KPI/KRI creation and metrics reporting.

. Able to work at high level of autonomy in a dynamic environment.

. Experience with DevOps activities and integration preferred.

Fifth Third Bank is proud to have an engaged and inclusive culture and to promote and ensure equal employment opportunity in all employment decisions regardless of race, color, gender, national origin, religion, age, disability, sexual orientation, gender identity, military status, veteran status or any other legally protected status.