Apply on Employer Site

Concora Credit · 5 hours ago

Application Security Engineer

US-OR-Beaverton

Full-time

Onsite

Mid, Senior Level

3+ years exp

Concora Credit is committed to helping customers do more with credit, and they are seeking a highly skilled Application Security Engineer to enhance their application and product security across various platforms. The role involves collaborating with development teams, conducting security assessments, and ensuring compliance with security standards and PCI DSS requirements.

ConsumerFinanceFinancial ServicesFinTech

No H1B

Responsibilities

Collaborate daily with development and project teams, assisting developers and architects to ensure compliance with established security standards and secure design principles

Identify, prioritize, and mitigate vulnerabilities based on OWASP Top 10, SANS CWE Top 25, and industry best practices

Lead application security assessments and reviews for web, mobile, and API-based systems throughout the SDLC

Collaborate with internal DevOps and other Dev teams to integrate, manage, and report on automated vulnerability scanning, SAST, DAST, and SCA platforms both as stand-alone tools and within CI/CD pipelines

Partner with DevOps and engineering teams to embed security controls early in the development process (“shift left”)

Conduct secure code reviews and support developers in understanding and remediating findings

Conduct and coordinate penetration tests for internal systems and web and mobile applications to validate vulnerability findings and assess real-world exploitability

Champion secure coding practices and deliver targeted security training and awareness to engineering teams

Perform threat modeling and risk assessments for new applications and system changes

Support and maintain PCI DSS compliance as it relates to application security and data protection

Collaborate with infrastructure and cloud security teams to ensure consistent protection across the technology stack

Contribute to continuous improvement of the organization’s secure SDLC and AppSec frameworks

Qualification

Application SecurityVulnerability ManagementSecure Software DevelopmentOWASP Top 10Penetration TestingDevOps IntegrationPCI DSS ComplianceSecurity Testing ToolsRisk AssessmentSecure Coding PracticesCommunication SkillsCollaboration

Required

3-5 years of experience in Application Security, Secure Software Development, or related fields

Solid understanding of OWASP Top 10, secure coding standards, vulnerability management, penetration testing methodologies, and common web/mobile vulnerabilities

Hands-on experience with security testing tools (e.g. Sonarqube, Tenable WAS, Burp Suite, OWASP ZAP, Veracode, or similar)

Experience integrating AppSec tools into DevOps pipelines (Azure DevOps, Git, etc.)

Experience performing or managing web application penetration tests using tools such as Burp Suite, OWASP ZAP, or manual techniques aligned with OWASP Testing Guide

Strong familiarity with PCI DSS and other financial regulatory compliance frameworks

Practical knowledge of web technologies (REST, JavaScript, HTML5, CSS, JSON) and at least one modern programming language (e.g., Java, C#, Python, JavaScript, Swift)

Experience securing mobile applications (iOS and Android) through static and dynamic analysis

Excellent communication skills and ability to work cross-functionally with engineering and compliance teams