Application Security Engineer III

Job Location US-Remote | US-GA-Atlanta | US-GA-Alpharetta | US-FL-St. Petersburg | US-FL-North Miami | US-TX-Dallas | US-UT-Sandy | US-MO-Kansas City | US-OR-Portland


Leveraging deep integrations into retailers’ point-of-sale systems, InComm is revolutionizing the commerce experience through innovative payments technology. InComm leverages end to end solutions to bring branded activatable products to retailers both in store and digitally. Our process includes everything from card printing, inventory management and forecast analytics, to the development and integration of activation technology in point of sale machines world-wide. From there we leverage our backend platform as a service technology to drive product activation to the tune of several thousand card activations every second. Whether those consumers are activating prepaid products, paying bills, enjoying real-time discounts through a membership card, purchasing digital goods in-store or adding funds to an online account, InComm is there to provide unique gift-gifting opportunities, cater to on-the-go shoppers, deliver added value through loyalty programs and serve cash-based consumers.


InComm is headquartered in Atlanta, GA with a presence in over 30 countries, an organization of approximately 3,000 employees, several hundred international technical patents, and a network that includes over 600,000 points of retail distribution. With innovation as our number 1 company value, our speed to market for new products and services is accelerating rapidly and quickly positioning InComm as a global leader in fintech innovation. Learn more at or connect with us on TwitterFacebook, LinkedIn, or Our Blog.



Inside InComm from InComm on Vimeo.

About This Opportunity

InComm is seeking a Senior Application Security Engineer to join our Enterprise Security team. This role can sit anywhere in the US. The Application and Product Security group works closely with software development and application ownership teams across various business units to help develop more secure applications and products.  


  • Evaluate and implement tools/frameworks/services supporting secure software delivery and monitoring
  • Verify security vulnerabilities identified by automated tools and configure tools to reduce noise
  • Develop threat models with development teams to help expose risks in their deliverables
  • Participate in application design and architectural reviews
  • Train and mentor development teams on secure coding practices via regular code reviews, pair programming, and training exercises/presentations
  • Facilitate activities such as blue/red team events and bug bounty programs
  • Lead prioritization discussions to gain traction on important security issues
  • Act as a liaison with 3rd parties performing vulnerability scans and penetration testing to validate findings and inform priorities and strategies for remediation
  • Draft, evaluate, and monitor compliance with application and development security standards
  • Ensures teams are validating for OWASP and performing industry leading application security practices


  • 3+ years application security experience.
  • 5+ years application development experience.
  • Experience with SAST & DAST application scanning tools and knowledge of OWASP tools and methodologies
  • Knowledge of APIs and best practices for testing and securing
  • Knowledge of Bug Bounty programs and integration into SDLC
  • Knowledge of Web Application Firewalls (WAF)
  • Application security experience with high level programming languages (e.g., Java, C, C++, C#, VB, .NET, ASP.NET, ASP, PHP, J2EE, JSP)
  • Exposure to container technologies – Docker, Docker Swarm, Kubernetes
  • Strong scripting experience – PowerShell, Python, etc.
  • Programing background and working experience in SDLC and software development tools such as Eclipse, Jenkins or similar
  • Experience with Cloud Service Providers (Azure and/or AWS)
  • In depth understanding of CI/CD processes and tooling around it.
  • Communication skills to create documentation, videos and conduct training classes
  • Strong analytical skills.
  • Ability to manage multiple tasks simultaneously and meet established deadlines.
  • Ability to collaborate with IT teams on security-related tasks and projects.
  • Ability to work productively while remote and communicate effectively in a virtual team environment.
  • Ability to stay current with new technology.

 Education & Certifications

  • A Bachelor’s degree in Information Security, Computer Science, Information Systems, or another related field is preferred, but not required.
  • A CISSP certification is preferred, but not required. Career development plan to include certifications upon hire.



InComm provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity or national origin, citizenship, veteran’s status, age, disability status, genetics or any other category protected by federal, state, or local law.


*This position is eligible for the Employee Referral Bonus Program - Tier 4 - #LI-KJ1



Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed