More jobs:
Security Engineer III - Application Security
Job in
Tulsa, Tulsa County, Oklahoma, 74120, USA
Listed on 2026-06-12
Listing for:
BOK Financial Corp.
Full Time
position Listed on 2026-06-12
Job specializations:
-
IT/Tech
Cybersecurity, Data Security, Information Security
Job Description & How to Apply Below
Location:
Tulsa
-TUL
Areas of Interest:
Software Development;
Information Security
Pay Transparency Salary Range:
Not Available
Final date to receive applications: 07/31/2026
BOK Financial Corporation Group includes BOKF, NA; BOK Financial Securities, Inc. and BOK Financial Private Wealth, Inc. BOKF, NA operates Trans Fund and Cavanal Hill Investment Management, Inc. BOKF, NA operates banking divisions:
Bank of Albuquerque;
Bank of Oklahoma;
Bank of Texas and BOK Financial.
Bonus Type
Discretionary
Summary
Our team operates at the forefront of innovation, vigilance, and strategic risk management. We combine deep industry expertise with advanced analytics and a disciplined approach to proactively identify and mitigate emerging threats across the organization. Through continuous monitoring, comprehensive assessments, and strong cross-functional partnerships, we deliver tailored security solutions that strengthen BOKF's resilience.
We are passionate about advancing security maturity across the enterprise-collaborating closely with teams to provide actionable insights, champion best practices, and enhance controls. Our work empowers BOKF to pursue its strategic goals with confidence in an evolving threat landscape.
Job Description
As an Application Security Engineer III, you will play a key leadership role in advancing BOKF's application security posture. You will drive the implementation and optimization of security capabilities across the Application Protection portfolio, including WAF, API security, DAST, SAST, IaC, SCA, and SIEM/SOAR.
In this role, you will lead threat modeling and vulnerability assessments for internally developed applications and APIs, design and implement custom security policies and controls, and guide the response to application-layer incidents. You will serve as a subject matter expert, mentoring junior engineers while contributing to the design of advanced detection and prevention strategies.
You will stay ahead of evolving threats-including OWASP Top 10 risks, API vulnerabilities, and software supply-chain attacks-and apply that knowledge to strengthen defenses. The role also includes performing forensic and root cause analysis, partnering with risk, legal, and compliance teams to support regulatory requirements, and developing custom code to enhance application security capabilities.
As BOKF embraces AI-enabled development and security tooling, you will leverage approved AI capabilities to accelerate workflows while ensuring accuracy, safeguarding sensitive data, and maintaining strong governance. You will also assess and mitigate risks associated with AI/LLM-enabled applications and third-party services, including prompt injection, data leakage, and insecure integrations, while helping implement effective monitoring and controls.
Team Culture
Our team thrives in a dynamic and collaborative environment where curiosity, ownership, and continuous improvement are foundational. We encourage innovative thinking, open knowledge-sharing, and proactive problem-solving.
By working together to address complex security challenges, team members are empowered to expand their expertise, influence meaningful outcomes, and shape the future of application security strong partnerships across the organization and commitment to excellence ensure we remain resilient and forward-looking.
How You'll Spend Your Time
* You will lead the design and implementation of advanced application security architectures and controls across the SDLC, including secure CI/CD guardrails.
* You will conduct threat modeling and in-depth vulnerability assessments for applications and APIs, partnering with stakeholders to prioritize remediation.
* You will develop, tune, and maintain application security controls, including WAF/API policies and DAST/SAST/SCA/IaC scanning capabilities.
* You will oversee application-layer incident response, including triage, containment, and forensic/root cause analysis.
* You will evaluate and define security controls for AI/LLM-enabled features and integrations, including risks related to data protection, model trust, and misuse scenarios.
* You will leverage AI-enabled security tools to enhance detection, analysis, and response while validating outputs and protecting sensitive data.
* You will provide technical leadership by mentoring team members and leading initiatives through successful delivery with minimal oversight.
* You may perform other duties as assigned.
Education & Experience Requirements
This role typically requires a Bachelor's degree in Information Security, Computer Science, or a related field, along with 5+ years of experience in Cyber Security or a related technical discipline; alternatively, 7+ years of relevant experience may be considered in lieu of a degree.
A Master's degree, CISSP, or equivalent certifications are preferred.
________________________________________
Skills
* Advanced expertise in configuring and optimizing application security tools (WAF, API security, DAST, SAST, IaC, SCA,…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
Search for further Jobs Here:
×