Minnesota, Victoria, USA
13 days ago
Application Security Engineer II
Overview

When you think of InComm Payments, think of Innovative Payments Technology. We were founded over 30 years ago and continue to be a pioneer in the payment (FinTech) industry. Since our inception, we have grown to be a team of over 3,000 employees in 35 countries around the world. We own over 400 global technical patents and a network that includes over 525,000 points of retail distribution that points to our industry expertise. InComm Payments works with the most recognized and valued brands in the world, and we are partnered with most of the world’s leading merchants.

InComm Payments is highly focused on our people and their growth, and we work hard to make a career at InComm Payments meaningful and rewarding. We value innovation, quality, passion, integrity, and responsibility in all that we do, and we are looking for great people to join our team as we move forward towards a very bright future.

You can learn more about InComm Payments by visiting our Website or connecting with us on LinkedIn, YouTube, Twitter, Facebook, or Instagram.

About This Opportunity

We are seeking a dedicated and experienced Application Security Engineer to join our growing Enterprise App Security team! You will play a crucial part in safeguarding our applications from potential threats and vulnerabilities. With a few years of hands-on experience, you will conduct thorough security assessments, implement robust security measures, and ensure compliance with industry standards. Your strong analytical skills and deep understanding of modern security protocols and tools will be essential in identifying and mitigating risks early in the development lifecycle. Join us as we continue to help develop more secure applications and products across the entire InComm Payments enterprise!

Responsibilities

- Integrate Static Application Security Testing (SAST) tooling into CI/CD pipelines, ensuring compatibility and efficient scanning within development workflows.
- Provide tailored SAST integration support for development teams at varying maturity levels with diverse toolsets and security requirements.
- Analyze application logs for anomalous patterns, communicate findings to leadership, and persuade them to take appropriate action.
- Participate in on-call rotation in support of Web Application Firewalls (WAF) incidents.
- Validate security vulnerabilities identified by automated tools and fine-tune configurations to minimize false positives and reduce noise.
- Develop threat models with development teams to help expose risks in their deliverables.
- Participate in application design and architectural reviews.
- Facilitate activities such as blue/red team events and bug bounty programs.
- Lead prioritization discussions to gain traction on important security issues.
- Act as a liaison with 3rd parties performing vulnerability scans and penetration testing to validate findings and inform priorities and strategies for remediation.
- Draft, evaluate, and monitor compliance with application and development security standards.
- Ensure development teams are validating for OWASP Top 10 and performing industry-leading application security practices.

Qualifications

- Around 3-5 years of application security experience.
- In-depth understanding of CI/CD processes and tooling around it: Jenkins, GitHub Actions, Azure Pipelines or similar.
- Application security experience with high-level programming languages (e.g., Java, C, C++, C#, VB, .NET, ASP.NET, ASP, PHP, J2EE, JSP).
- Strong scripting experience – PowerShell, Python, etc.
- Exposure to container technologies – Docker, Docker Swarm, Kubernetes.
- Experience with Cloud Service Providers (Azure and/or AWS).
- Experience with SAST (Static Application Security Testing) & DAST (Dynamic Application Security Testing) application scanning tools and knowledge of OWASP (Open Web Application Security Project) methodologies.
- Knowledge of WAF (Web Application Firewalls).
- Experience with performing web, API, and mobile penetration testing; preparing reports to document findings; and presenting the report to development teams.
- Communication skills to create documentation and videos and to conduct training classes.
- Ability to manage multiple tasks simultaneously and meet established deadlines.
- Ability to collaborate with IT teams on security-related tasks and projects.
- Ability to work productively while remote and communicate effectively in a virtual team environment.
- Ability to stay current with new technology.

Education & Certifications

- A Bachelor’s degree in Information Security, Computer Science, Information Systems, or another related field is preferred, but not required.
- A CEH or equivalent certification is preferred, but not required.
- Career development plan to include certifications upon hire.

InComm Payments provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity or national origin, citizenship, veteran’s status, age, disability status, genetics or any other category protected by federal, state, or local law.

*This position is eligible for the Employee Referral Bonus Program