Senior Application Security Engineer - Automation

Requisition ID:  49539
Business Unit:  Fitch Group
Category:  Information Technology
Location:  New York, NY, US

Date Posted:  Mar 20, 2026

Fitch Group is currently seeking a Senior Application Security Engineer - Automation based out of our Chicago office.  


As a leading, global financial information services provider, Fitch Group delivers vital credit and risk insights, robust data, and dynamic tools to champion more efficient, transparent financial markets. With over 100 years of experience and colleagues in over 30 countries, Fitch Group’s culture of credibility, independence, and transparency is embedded throughout its structure, which includes Fitch Ratings, one of the world’s top three credit ratings agencies, and Fitch Solutions, a leading provider of insights, data and analytics. With dual headquarters in London and New York, Fitch Group is owned by Hearst. 

Want to learn more about a career in technology and data at Fitch?

Visit: https://careers.fitch.group/content/Technology-and-Data/


We are seeking a Senior Engineer to join Fitch’s Application Security program with a strong focus on CI/CD-native security, automation, AI-assisted secure coding and deployment, and secure-by-default developer workflows. This role is ideal for an experienced application security engineer who combines AppSec expertise (secure design and architecture, vulnerability identification and remediation) with the ability to make security scale through automation rather than manual intervention. 

The ideal candidate will bring hands-on experience integrating security scans into modern CI/CD pipelines (e.g., GitHub Actions, Jenkins, Azure DevOps, or equivalent), building scripts and workflows that automate static, dynamic, and open-source security scanning across the delivery lifecycle, and generating, reviewing, and securing AI-assisted or AI-generated code. This candidate will need to curate and supply context for an agent that proposes fixes and features for the existing pipeline security stages, and to use an agent-first approach to maintaining and testing those stages. They will also be comfortable performing secure code reviews to identify common vulnerabilities and will partner with development teams through practical secure-coding training, playbooks, and coaching to improve remediation quality and reduce repeat findings.

How You’ll Make an Impact: 

  • Lead the integration of application security controls into CI/CD pipelines. 

  • Design, build, and maintain automated security scanning pipelines using GitHub Actions, Jenkins, Azure DevOps, or similar platforms. 

  • Develop scripts and pipeline logic to automate SAST, SCA, and DAST scans. 

  • Partner with cloud engineering, platform, and development teams to implement secure-by-default CI/CD templates. 

  • Improve signal quality by tuning scans and reducing false positives. 

  • Act as a senior technical advisor on secure coding and remediation strategies. 

  • Support the application vulnerability management lifecycle including remediation validation. 

  • Perform secure code reviews to identify vulnerabilities, validate findings, and provide actionable remediation guidance to developers. 

  • Develop and drive secure coding training and AppSec best practices (e.g., OWASP Top 10), including coaching teams on integrating secure-by-design patterns into day-to-day development. 

  • Drive developer adoption of security tooling through training, peering, and developing strong instructional documentation. 

  • Mentor application security engineers and contribute to internal standards. 

  • Collaborate with broader InfoSec teams to align AppSec outcomes with enterprise risk management. 


The ideal candidate has strong hands-on experience in application security combined with practical experience working in or alongside developer and cloud engineering teams. They are comfortable writing automation, understand modern CI/CD pipelines, and can translate security requirements into scalable engineering solutions. 

You May be a Good Fit if:

  • Demonstrable experience personally delivering SecDevOps outcomes in an enterprise environment. 

  • Strong experience integrating security tooling into CI/CD pipelines, including the ability to provide context for an agent that proposes fixes and features for the existing pipeline security stages, and experience using an agent-first approach to maintaining and testing those stages. 

  • Experience supporting application infrastructure in multi-cloud environments. 

  • Hands-on scripting experience (Python, Bash, PowerShell, YAML) for pipeline automation. 

  • Experience developing controls for a Web Application Firewall (WAF) using different solutions like F5, AWS/Azure WAF, etc. 

  • Deep understanding of secure software development lifecycle principles. 

  • Experience with SAST, DAST, and SCA tools and result interpretation. 

  • Hands-on experience performing source code reviews to identify common vulnerability classes (e.g., injection, XSS, authz/authn flaws, insecure deserialization) and guide remediation. 

  • Experience creating and delivering developer enablement (training, office hours, playbooks) that improves secure coding practices and reduces repeat findings. 

  • Experience with cloud-hosted applications in AWS, Azure, and/or GCP. 

  • Strong collaboration and communication skills. 

  • Experience mentoring engineers, defining AppSec standards, and developing standard operating procedures. 


What Would Make You Stand Out: 

  • Experience working closely with cloud and platform engineering teams. 

  • Exposure to containerized and cloud-native CI/CD pipelines. 

  • Personal and/or professional practice using agentic solutions and building or supporting the infrastructure that runs them.  

  • Experience improving developer experience through reusable pipeline templates. 

  • Familiarity with security frameworks relevant to financial services. 

  • Experience supporting audits through automated security evidence. 

  • Bachelor’s degree in Computer Science, Cybersecurity, or equivalent experience. 

  • Relevant certifications such as CSSLP, GWAPT, or CISSP. 


Why Choose Fitch: 

  • Hybrid Work Environment: 2 to 3 days a week in office required based on your line of business and location
  • A Culture of Learning & Mobility: Dedicated trainings, leadership development and mentorship programs designed to ensure that your time at Fitch will be a continuous learning opportunity
  • Investing in Your Future: Retirement planning and tuition reimbursement programs that empower you to achieve your short and long-term goals
  • Promoting Health & Wellbeing: Comprehensive healthcare offerings that enable physical, mental, financial, social, and occupational wellbeing
  • Supportive Parenting Policies: Family-friendly policies, including a generous global parental leave plan, designed to help you balance career and family life effectively
  • Inclusive Work Environment: A collaborative workplace where all voices are valued, with Employee Resource Groups that unite and empower our colleagues around the globe
  • Dedication to Giving Back: Paid volunteer days, matched funding for donations and ample opportunities to volunteer in your community


Fitch is committed to providing global securities markets with objective, timely, independent and forward-looking credit opinions. To protect Fitch’s credibility and reputation, our employees must take every precaution to avoid conflicts of interest or any appearance of a conflict of interest. Should you be successful in the recruitment process at Fitch Ratings you will be asked to declare any securities holdings and other potential conflicts prior to commencing employment. If you, or your immediate family, have any holdings that may conflict with your work responsibilities, you may be asked to divest yourself of them before beginning work.


Fitch is proud to be an Equal Opportunity and Affirmative Action Employer. We evaluate qualified applicants without regard to race, color, national origin, religion, sex, sexual orientation, gender identity, disability, protected veteran status, and other statuses protected by law. 


FOR NEW YORK ROLES ONLY: Expected base pay rates for the role will be between $160,000 and $175,000 per year. Actual salaries will be determined on an individualized basis and may vary based on factors including but not limited to education, training, experience, past performance, and other job-related factors.  Base pay is one part of Fitch’s total compensation package, which, depending on the position, may also include commission earnings, discretionary bonuses, long-term incentives, and other benefits sponsored by Fitch.
