InComm

  • Application Security Engineer III

    Job Location: US-GA-Atlanta
    Type: Full-Time
  • Overview

    Leveraging deep integrations into retailers’ point-of-sale systems, InComm provides connectivity to a variety of service providers that allow consumers to conduct everyday business at more than 450,000 points of retail distribution worldwide. Whether those consumers are activating prepaid products, paying bills, enjoying real-time discounts through a membership card, purchasing digital goods in-store or adding funds to an online account, InComm is there to provide unique gift-giving opportunities, cater to on-the-go shoppers, deliver added value through loyalty programs and serve cash-based consumers. With 186 global patents, InComm is headquartered in Atlanta with a presence in over 30 countries in North and South America, Europe and the Asia-Pacific region. Learn more at www.incomm.com or connect with us on www.twitter.com/incomm, www.facebook.com/incomm, www.linkedin.com/company/incomm or www.incomm.com/blog.

     

    About This Opportunity

    InComm is seeking an Application Security Engineer II to join our Security Compliance team located in our Atlanta office. The Security Compliance team consists of the following groups:

    • Cyber Security
    • Info Security
    • Physical Security
    • Application Security

     

    The Application Security Group currently consists of 3 people and is looking to add 3 additional resources in our Atlanta, St. Pete, and Portland or Salt Lake City offices. This group is responsible for working with application owners to help develop more secure and less risky applications. The main goal for this position is to work with the development teams and identify vulnerabilities in the applications.

     

    The Application Security Engineer should have the following experience:

    • Understanding of Software Development (coding background is a plus)
    • Strong Security Background
    • Strong Penetration Testing (required)
    • Creative ability to find vulnerabilities

     

    Additional experience should include:

    • Experience with vulnerability and application scanning tools (e.g., Qualys, Nessus, Rapid 7, BurpSuite)
    • Application security experience with high level programming languages (e.g., Java, C, C++, C#, VB, .NET, ASP.NET, ASP, PHP, J2EE, JSP)
    • Programming background and working experience in SDLC and software development tools such as Eclipse, Jenkins or similar
    • Experience with static analysis tools (e.g., HP Fortify, Coverity, Checkmarx) and knowledge of OWASP tools and methodologies.
    • Experience with Cloud Service Providers (Azure and/or AWS)
    • Security certifications, such as CISSP, CEH, OSCP, CISA, are desirable
    • Communication skills to create documentation, videos and conduct training classes

    Responsibilities

    • Evaluate and implement tools/frameworks/services supporting secure software delivery and monitoring
    • Verify security vulnerabilities identified by automated tools and configure tools to reduce noise
    • Develop threat models with development teams to help expose risks in their deliverables
    • Participate in application design and architectural reviews
    • Train and mentor development teams on secure coding practices via regular code reviews, pair programming, and training exercises/presentations
    • Facilitate activities such as blue/red team events and bug bounty programs
    • Lead prioritization discussions to gain traction on important security issues
    • Act as a liaison with 3rd parties performing vulnerability scans and penetration testing to validate findings and inform priorities and strategies for remediation
    • Draft, evaluate, and monitor compliance with application and development security standards
    • Ensure teams are validating for OWASP and performing industry-leading application security practices.

    Qualifications

     

    • 5 years in security application development or offensive security application testing.
    • Bachelor's in Cybersecurity, CS or Information Security preferred, or equivalent work experience
    • Security certification such as OSCP, CISSP, CEH, GSS
    • Experience with some of the following technologies:
      • JavaScript, React, npm
      • .NET (C#, WCF, WPF, WF, EF) and other framework components
      • ASP.NET WebAPI
      • T-SQL, relational database schema and data modelling
      • Cloud architecture
      • Docker, Kubernetes, microservices
      • Apple Pay or Google Wallet
      • Incapsula
      • Veracode, IBM AppScan, Kenna Security Application Risk Module, WebInspect
    • Experience with vulnerability and application scanning tools (e.g., Qualys, Nessus, Rapid 7, BurpSuite)
    • Programming background and working experience in SDLC and software development tools such as Eclipse, Jenkins or similar
    • Experience with static analysis tools (e.g., HP Fortify, Coverity, Checkmarx) and knowledge of OWASP tools and methodologies.
    • Experience with Cloud Service Providers (Azure and/or AWS)
    • Communication skills to create documentation, videos and conduct training classes

     

     

     

    InComm provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity or national origin, citizenship, veteran’s status, age, disability status, genetics or any other category protected by federal, state, or local law.

     

    *This position is eligible for the Employee Referral Bonus Program - Tier 4 

     
