Application Security Engineer

Company: Trintech
Location: Plano
Posted on: March 17, 2023

Job Description:

Job Summary: Trintech's Application Security (AppSec) team is seeking a self-starter, ambitious, team player who will work in our cross functional team, adopting software industry best practice, quality assurance, and overall development of our security platform. The candidate should have experience with application security, secure coding, and application architectures. The candidate will ensure that our programs maintain the most stringent of application security principles through the adherence to a mature Secure SDLC process expected from our customers. The Application Security (AppSec) Engineer will report directly to the Application Security Architect.

Essential Duties & Responsibilities

• Serve as a subject matter expert on internal product security engineering questions and requests
• Build and automate secure SDLC controls and best practices in an agile, CI/CD-focused environment.
• Work with Product and Engineering teams to help design secure products
• Work with developers to prioritize and remediate identified security vulnerabilities
• Lead efforts to implement and maintain security policies and remediation processes
• Balance security risk and product advancement within the parameters of the business
• Perform proactive research to detect new attack vectors
• Perform reactive incident response when a security event occurs
• Identify risks and areas of exposure in applications, our development process and architecture.
• Perform security reviews of source code, stored procedures, datastores, and server/service configurations.
• Oversee development of security components throughout all stages of the SDLC.
• Perform manual and automated security testing.
• Monitor industry trends and threat landscape and recommend necessary controls or countermeasures.
• Educate developers on secure coding techniques and security best practices.
• Work with QA engineers to implement security testing
• Participate in development of security policies, standards, and processes.
• Participate in incident handling and perform application-related forensics activities. #LI-SF1 #LI-Hybrid
  Skills & Requirements
  Minimum Qualifications:
  • 5 years' total experience in relevant domains
  • Bachelor's degree in Computer Science or equivalent
  • Strong understanding of the software development lifecycle and Agile development methodologies
  • Knowledge of common application vulnerabilities, (e.g.: XSS, CSRF, SQL injection, cookie/header/encoding manipulation, input/output validation, session replay).
  • Ability to identify security vulnerabilities from source code reviews and testing.
  • Familiarity with penetration testing tools (eg: Burp, Parox, Fiddler, Havij, netcat). Ability to write proof-of-concept exploits is a big plus.
  • Knowledge of encryption technologies, secure communications, and secure credentials management.
  • Advanced written and verbal communication skills including ability to present technical subjects to non-technical audiences.
  • Self-directed and capable of working in a dynamic environment. Preferred Qualifications:
    • OSCP / OSWE certified
    • Experience developing software on a team
    • Experience working with cloud platforms (Azure, AWS, Google Cloud, or similar)
    • Knowledge of Azure DevOps platform
    • Experience with bug bounty programs
    • Familiarity with technical security controls, guidelines, and frameworks outlined by standards such as SOC2, ISO 27001/27002, etc. Qualifications #LI-SF1 #LI-Hybrid

Keywords: Trintech, Plano , Application Security Engineer, Engineering , Plano, Texas