Job Summary
Our partner solves complex payment problems for businesses and institutions to empower new opportunities globally and locally. The company processes billions in payments per year, connecting all the entities involved to make those transactions faster, more secure, less expensive, and more transparent. Clients in business, education and healthcare use our partner’s a full-service platform to tailor the payment experience for their customers and to create a single point of visibility and control for payer engagement and receivables management – from invoicing and payment through reconciliation. Our partner also supports its clients with end-to-end customer support including multilingual servicing via phone, email, and chat, as well as around-the-clock online payment tracking.
You'll find more details about their culture here.
We are looking to hire an eager and experienced Application Security Engineer. This individual will support our Security Team in providing security support for our development houses and ensure the privacy and security of confidential, business and personal information.
With diversity and inclusion at the core of our people agenda, we believe our teammates are our greatest asset, and as a member of the Engineering team, you will help accelerate our products across the globe!
Key responsibilities:
- Drafting security requirements for any system, service or integration needed by our products
- Collaborate frequently with different engineering teams to identify and address security issues
- Attend the daily stand ups to ensure that product features have security "built in"
- Performing technical tasks on the change and integration reviews
- Have a part in every aspect of the development life-cycle
Minimum skills and qualifications:
- 3+ years of application security experience (source code auditing, penetration testing, product assessments, vulnerability research, reverse engineering, etc)
- Influence the design and implementation of upcoming products and services with security and privacy by design mindset
- A "breaker" mentality, but effective at crafting the mitigating controls
- Working experience in authentication technologies, including OAuth, SAML, and SSO
- Proven knowledge of applied cryptography
- Strong familiarity with the Ruby on rails, Java language and modern web development (e.g. JavaScript, AngularJS, Node.js, etc.)
- Understanding of OWASP security concepts and common application security risks, such as XSS, CSRF, SQL Injection, Cookie Manipulation, etc
- Experience with web application security, DevSecOps and/or secure SDLC
- Provide hands-on remediation guidance to development teams
- Proven interpersonal skills: Ability to explain complex technical issues to both technical and non-technical audiences