Global Payments Inc. · 2 days ago

Application Security Engineer

Lawton Area

Full-time

Remote

Mid Level

4+ years exp

Maximize your interview chances

AppsBanking

Actively Hiring

Insider Connection @Global Payments Inc.

Discover valuable connections within the company who might provide insights and potential referrals.
Get 3x more responses when you reach out via email instead of LinkedIn.

Responsibilities

Applies application development understanding and includes security controls within the application pipeline for moderately complex projects. Verifies controls are adhered to.

Reviews security architecture designs independently utilizing a strong understanding of network architecture to include recommendations drafting.

Utilizes a strong understanding of the appropriate settings for premise or cloud based security platforms in order to build guides for the standard implementation of a given platform.

Interprets vulnerability scanning from DAST and SAST and/or penetration test results to eliminate false positives while identifying appropriate mitigation for true issues.

Communicates InfoSec Architectural and Application Security policies, standards and guidelines in documentation for consumption by both IT and non-IT resources.

Utilizes a high level of industry understanding of implications of new threats and their applicability to the company, as well as options to reduce/eliminate new risk.

Build relationships with developers, stakeholders and scrum masters to incorporate security principles into engineering design and deployments.

Perform testing and validation in application security controls across projects.

Oversee implementation of defensive practices and countermeasures across infrastructure and applications.

Draft and uphold CI/CD security strategy and practices in tandem with other technical team leads.

Support the ability to 'shift left' and incorporate security early on and throughout the development lifecycle.

Identify vulnerabilities in code through automated and manual assessments, and promote quick remediation.

Communicate vulnerability results in a manner understood by technical and non-technical business units based on risk tolerance and threat to the business, and gain support through influential messaging.

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

Information SecuritySecurity ArchitectureVulnerability ScanningCloud SecurityApplication SecurityRegulatory Audit RequirementsCI/CD Security StrategyAWS SecurityNetwork EngineeringSystems EngineeringCISSPCEHCISACISMSecurity +OWASPMITRE ATT&CKTCP/IPWindowsLinuxEncryptionCryptography

Required

Bachelor's Degree

Relevant Experience or Degree in: in Information Security or Computer Science

Typically Minimum 4 Years Relevant Exp

Prior experience must be as an Information Security Analyst, or related role. Strong understanding of regulatory audit requirements and developing the appropriate solutions to address findings. Degree strongly preferred; however, additional 4 years related experience may be considered in lieu of a degree.

One or more of the following (or similar) - eWPTX, OSWE, CISSP, CEH, CISA, CISM, PCI-QSA, PA-QSA, PCIP, CRISC, Security +, CGEIT, CCSP

Understanding of OWASP, CVSS, the MITRE ATT&CK framework and the software development lifecycle (SLDC).

Preferred

Typically Minimum 6 Years Relevant Exp

Prior experience must be as an Information Security Analyst, Security focused Network Admin/Engineer or Systems Admin/Engineer. Understanding of regulatory requirements and solutions design to meet said requirements.

Preferably some experience with operations and security across Amazon Web Services (AWS), Microsoft Azure or Google Cloud Platform (GCP).