InComm Payments · 4 hours ago
Application Security Engineer II
Financial Services
Actively Hiring
Responsibilities
Integrate Static Application Security Testing (SAST) tooling into CI/CD pipelines, ensuring compatibility and efficient scanning within development workflows.
Provide tailored SAST integration support for development teams at varying maturity levels with diverse toolsets and security requirements.
Analyze application logs for anomalous patterns, communicate findings to leadership, and persuade them to take appropriate action.
Participate in on-call rotation in support of Web Application Firewalls (WAF) incidents.
Validate security vulnerabilities identified by automated tools and fine-tune configurations to minimize false positives and reduce noise.
Develop threat models with development teams to help expose risks in their deliverables.
Participate in application design and architectural reviews.
Facilitate activities such as blue/red team events and bug bounty programs.
Lead prioritization discussions to gain traction on important security issues.
Act as a liaison with 3rd parties performing vulnerability scans and penetration testing to validate findings and inform priorities and strategies for remediation.
Draft, evaluate, and monitor compliance with application and development security standards.
Ensure development teams are validating for OWASP Top 10 and performing industry-leading application security practices.
Qualification
Required
Around 3-5 years of application security experience.
In-depth understanding of CI/CD processes and the tooling around them: Jenkins, GitHub Actions, Azure Pipelines or similar.
Application security experience with high-level programming languages (e.g., Java, C, C++, C#, VB, .NET, ASP.NET, ASP, PHP, J2EE, JSP).
Strong scripting experience – PowerShell, Python, etc.
Exposure to container technologies – Docker, Docker Swarm, Kubernetes
Experience with Cloud Service Providers (Azure and/or AWS)
Experience with SAST (Static Application Security Testing) & DAST (Dynamic Application Security Testing) application scanning tools and knowledge of OWASP (Open Web Application Security Project) methodologies
Knowledge of WAF (Web Application Firewalls)
Experience with performing web, API, and mobile penetration testing; preparing reports to document findings; and presenting the report to development teams.
Communication skills to create documentation, videos and conduct training classes
Ability to manage multiple tasks simultaneously and meet established deadlines.
Ability to collaborate with IT teams on security-related tasks and projects.
Ability to work productively while remote and communicate effectively in a virtual team environment.
Ability to stay current with new technology.
Preferred
A Bachelor’s degree in Information Security, Computer Science, Information Systems, or another related field is preferred, but not required.
A CEH or equivalent certification is preferred, but not required. Career development plan to include certifications upon hire.
Benefits
Employee Referral Bonus Program
Company
InComm Payments
InComm Payments is an innovative global payments technology provider.
Funding
Current Stage
Late Stage
Recent News
2024-05-24
Company data provided by crunchbase