Application Security Engineer

2 days ago

Apply Now

Receive Emails with Similar Jobs

Global Payments Inc.

WebsiteLinkedInAll Job Openings

Payments • Ecommerce • Point of sale • Payment technology • Merchant services

10,000+

Description

• Designs applications of advanced complexity which address business functionality and performance needs, while ensuring that maximum security is applied. • Incorporates both in-house and externally acquired solutions. • Considered a subject matter expertise in relation to security architecture and liaises with other areas of IT in the dissemination of this information to counter threats and internal and external vulnerabilities. • Applies experience in topics such as enterprise software, software and hardware configurations, authentication, authorizations, detection and countering errant codes and scripts and related matters. • Applies application development understanding and includes security controls within the application pipeline for moderately complex projects. • Verifies controls are adhered to. • Reviews security architecture designs independently utilizing a strong understanding of network architecture to include recommendations drafting. • Utilizes a strong understanding of the appropriate settings for premise or cloud based security platforms in order to build guides for the standard implementation of a given platform. • Interprets vulnerability scanning from DAST and SAST and/or penetration test results to eliminate false positives while identifying appropriate mitigation for true issues. • Communicates InfoSec Architectural and Application Security policies, standards and guidelines in documentation for consumption by both IT and non-IT resources. • Utilizes a high level of industry understanding of implications of new threats and their applicability to the company, as well as options to reduce/eliminate new risk. • Build relationships with developers, stakeholders and scrum masters to incorporate security principles into engineering design and deployments. • Perform testing and validation in application security controls across projects. • Oversee implementation of defensive practices and countermeasures across infrastructure and applications. • Draft and uphold CI/CD security strategy and practices in tandem with other technical team leads. • Support the ability to 'shift left' and incorporate security early on and throughout the development lifecycle. • Identify vulnerabilities in code through automated and manual assessments, and promote quick remediation. • Communicate vulnerability results in a manner understood by technical and non-technical business units based on risk tolerance and threat to the business, and gain support through influential messaging.

Requirements

• Bachelor's Degree Relevant Experience or Degree in: in Information Security or Computer Science • Typically Minimum 4 Years Relevant Exp • Prior experience must be as an Information Security Analyst, or related role. • Strong understanding of regulatory audit requirements and developing the appropriate solutions to address findings. • Degree strongly preferred; however, additional 4 years related experience may be considered in lieu of a degree. • One or more of the following (or similar) - eWPTX, OSWE, CISSP, CEH, CISA, CISM, PCI-QSA, PA-QSA, PCIP, CRISC, Security +, CGEIT, CCSP • Understanding of OWASP, CVSS, the MITRE ATT&CK framework and the software development lifecycle (SLDC).