Security Engineer III - Application Security Job at BOK Financial, Tulsa, OK

bzhnb05IQmhocjJ5TUdGeGRrdE1ic0RmSWc9PQ==
  • BOK Financial
  • Tulsa, OK

Job Description

Req ID:  78048 

Location:   Tulsa -TUL  

Areas of Interest:  Software Development; Information Security  

Pay Transparency Salary Range:   Not Available  

Application Deadline:  07/31/2026

BOK Financial Corporation Group includes BOKF, NA; BOK Financial Securities, Inc. and BOK Financial Private Wealth, Inc. BOKF, NA operates TransFund and Cavanal Hill Investment Management, Inc. BOKF, NA operates banking divisions: Bank of Albuquerque; Bank of Oklahoma; Bank of Texas and BOK Financial®.

Bonus Type

Discretionary

Summary

Our team operates at the forefront of innovation, vigilance, and strategic risk management. We combine deep industry expertise with advanced analytics and a disciplined approach to proactively identify and mitigate emerging threats across the organization. Through continuous monitoring, comprehensive assessments, and strong cross-functional partnerships, we deliver tailored security solutions that strengthen BOKF’s resilience.

 


We are passionate about advancing security maturity across the enterprise—collaborating closely with teams to provide actionable insights, champion best practices, and enhance controls. Our work empowers BOKF to pursue its strategic goals with confidence in an evolving threat landscape.

Job Description

As an Application Security Engineer III, you will play a key leadership role in advancing BOKF’s application security posture. You will drive the implementation and optimization of security capabilities across the Application Protection portfolio, including WAF, API security, DAST, SAST, IaC, SCA, and SIEM/SOAR.

 

In this role, you will lead threat modeling and vulnerability assessments for internally developed applications and APIs, design and implement custom security policies and controls, and guide the response to application-layer incidents. You will serve as a subject matter expert, mentoring junior engineers while contributing to the design of advanced detection and prevention strategies.

 

You will stay ahead of evolving threats—including OWASP Top 10 risks, API vulnerabilities, and software supply-chain attacks—and apply that knowledge to strengthen defenses. The role also includes performing forensic and root cause analysis, partnering with risk, legal, and compliance teams to support regulatory requirements, and developing custom code to enhance application security capabilities.

 

As BOKF embraces AI-enabled development and security tooling, you will leverage approved AI capabilities to accelerate workflows while ensuring accuracy, safeguarding sensitive data, and maintaining strong governance. You will also assess and mitigate risks associated with AI/LLM-enabled applications and third-party services, including prompt injection, data leakage, and insecure integrations, while helping implement effective monitoring and controls.

Team Culture

Our team thrives in a dynamic and collaborative environment where curiosity, ownership, and continuous improvement are foundational. We encourage innovative thinking, open knowledge-sharing, and proactive problem-solving.

 

By working together to address complex security challenges, team members are empowered to expand their expertise, influence meaningful outcomes, and shape the future of application security at BOKF. Our strong partnerships across the organization and commitment to excellence ensure we remain resilient and forward-looking.

How You'll Spend Your Time

• You will lead the design and implementation of advanced application security architectures and controls across the SDLC, including secure CI/CD guardrails.
• You will conduct threat modeling and in-depth vulnerability assessments for applications and APIs, partnering with stakeholders to prioritize remediation.
• You will develop, tune, and maintain application security controls, including WAF/API policies and DAST/SAST/SCA/IaC scanning capabilities.
• You will oversee application-layer incident response, including triage, containment, and forensic/root cause analysis.
• You will evaluate and define security controls for AI/LLM-enabled features and integrations, including risks related to data protection, model trust, and misuse scenarios.
• You will leverage AI-enabled security tools to enhance detection, analysis, and response while validating outputs and protecting sensitive data.
• You will provide technical leadership by mentoring team members and leading initiatives through successful delivery with minimal oversight.
• You may perform other duties as assigned.

Education & Experience Requirements

This role typically requires a Bachelor’s degree in Information Security, Computer Science, or a related field, along with 5+ years of experience in Cyber Security or a related technical discipline; alternatively, 7+ years of relevant experience may be considered in lieu of a degree.
A Master’s degree, CISSP, or equivalent certifications are preferred.
________________________________________

 

Skills
• Advanced expertise in configuring and optimizing application security tools (WAF, API security, DAST, SAST, IaC, SCA, SIEM/SOAR) to deliver effective and scalable protection.
• Strong understanding of application threat intelligence and the ability to identify and mitigate both known and emerging attack vectors.
• Proven experience leading application security incident response, including triage, containment, and root cause analysis.
• Demonstrated ability to lead cross-functional initiatives involving development, DevOps, and risk teams.
• Excellent analytical and problem-solving skills, with a structured approach to complex challenges.
• Advanced scripting capabilities (e.g., Python, Bash, Go, PowerShell) to automate security processes and workflows.
• Experience securing CI/CD pipelines and cloud-native applications across AWS, Azure, and GCP.
• Strong knowledge of cryptography, TLS, secrets management (e.g., HashiCorp Vault), and key lifecycle management.
• Ability to clearly communicate complex security concepts to both technical and non-technical stakeholders.
• Experience leveraging data analysis tools (e.g., Splunk, Elasticsearch, Excel) to drive insights and metrics.
• Deep understanding of application risk management principles and mitigation strategies.
• Familiarity with AI/LLM security risks (e.g., prompt injection, data leakage, supply-chain risk) and practical implementation of controls.
• Ability to use AI-assisted tools responsibly to enhance productivity while validating results and protecting sensitive information.

BOK Financial Corporation Group is a stable and financially strong organization that provides excellent training and development to support building the long term careers of employees.  With passion, skill and partnership you can make an impact on the success of the bank, customers and your own career!
Apply today and take the first step towards your next career opportunity!
 
The companies in BOK Financial Corporation Group are equal opportunity employers. We are committed to providing equal employment opportunities for training, compensation, transfer, promotion and other aspects of employment for all qualified applicants and employees without regard to sex, race, color, religion, national origin, age, disability, pregnancy status, sexual orientation, genetic information or veteran status.

Please contact  recruiting_coordinators@bokf.com with any questions. 

Job Tags

Similar Jobs

HCA Healthcare

Internal Medicine Physician Job at HCA Healthcare

 ...is seeking a Hospitalist to join the team in Bowling Green, Kentucky. Qualified Candidates: ~ Must be board certified in Internal Medicine ~24/7 hospitalist coverage ~ Block schedule (7-on/7-off)~ Average daily census 18-20~ Open ICU ~ Strong specialist support... 

Apidel Technologies

Network Engineer (Cisco, Arista, Juniper) III Job at Apidel Technologies

 ...and monitoring of the network infrastructure to company standards. Skills: Specific knowledge and 5 to 8 years experience with Cisco and Juniper routers Strong knowledge of internetworking designs and their applications and routing Solid knowledge of Layer 2... 

Inside Higher Ed

Custodian Job at Inside Higher Ed

 ...Job Title: Custodian I Location: Albany State Rec. Location Regular/Temporary: Regular Full/Part Time: Full-Time Albany State University is a fully accredited senior unit of the University System of Georgia. Employees receive benefits provided by the University... 

Canon U.S.A., Inc.

Printer Field Service Manager Job at Canon U.S.A., Inc.

About our Company - Canon U.S.A., Inc., is a leading provider of consumer, business-to-business, and industrial digital imaging solutions to the United States and to Latin America and the Caribbean markets. With approximately $28.5 billion in global revenue, its parent...

Adecco

Entry Level Production $19-$21/hr Hiring Event June 16th-18th Clyde OH! (43435) Job at Adecco

 ...OH 43410 Hosted by: Adecco Staffing Positions Available! Entry Level Production $19.85$21.10/hr Multiple shifts available...  ...individual or $37.94$48.78/wk family ~ Dental, Vision & Pet Insurance ~401(k)~$100 Referral Bonus Equal Opportunity Employer...