Trintech's Application Security (AppSec) team is seeking a self-starter, ambitious team player who will work in our cross-functional team, adopting software industry best practice, quality assurance, and overall development of our security platform. The candidate should have experience with application security, secure coding, and application architecture. The candidate will ensure that our programs maintain the most stringent of application security principles through the adherence to a mature Secure SDLC process expected from our customers.
The Application Security (AppSec) Engineer will report directly to the Application Security Architect.
What You'll Do
Serve as a subject matter expert on internal product security engineering questions and requests
Build and automate secure SDLC controls and best practices in an agile, CI/CD-focused environment.
Work with Product and Engineering teams to help design secure products
Work with developers to prioritize and remediate identified security vulnerabilities
Lead efforts to implement and maintain security policies and remediation processes
Balance security risk and product advancement within the parameters of the business
Conduct internal penetration tests on new application features
Identify risks and areas of exposure in applications, our development process, and architecture.
Perform security reviews of source code, stored procedures, datastores, and server/service configurations.
Oversee development of security components throughout all stages of the SDLC.
Monitor industry trends and threat landscape and recommend necessary controls or countermeasures.
Educate developers on secure coding techniques and security best practices.
Work with QA engineers to implement security testing
Participate in development of security policies, standards, and processes.
Assist with application-related forensics activities.
Requirements
5 years total experience in related domains
Bachelor's degree in Computer Science or equivalent
Strong understanding of the software development lifecycle and Agile development methodologies
Knowledge of common application vulnerabilities (e.g., XSS, CSRF, SQL injection, cookie/header/encoding manipulation, input/output validation, session replay).
Ability to identify security vulnerabilities from source code reviews and testing.
Familiarity with penetration testing tools (e.g., Burp, Parox, Fiddler, Havij, netcat). Ability to write proof-of-concept exploits is a big plus.
Knowledge of encryption technologies, secure communications, and secure credentials management.
Advanced written and verbal communication skills, including ability to present technical subjects to non-technical audiences.
Self-directed and capable of working in a dynamic environment.
Preferred Qualifications
OSCP / OSWE certified
Experience developing software on a team
Experience working with cloud platforms (Azure, AWS, Google Cloud, or similar)
Knowledge of Azure DevOps platform
Experience with bug bounty programs
Familiarity with technical security controls, guidelines, and frameworks outlined by standards such as SOC2, ISO 27001/27002, etc.
What We Offer
At our core, Trintechers stand committed to fostering a culture rooted in our core values: Humble, Empowered, Reliable, and Open. Together, these values guide our actions, define our identity, and inspire us to continuously strive for excellence in everything we do.
Should you require (or need) accommodations throughout any stage of the recruitment process, please provide your requirements to and we will work with you to accommodate your needs.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Trintech Inc. is a participant in the federal E-Verify program. This program allows employers to confirm the eligibility of their employees to work in the United States through an electronic verification process.
As required by law, we will verify the identity and employment eligibility of all persons hired to work at Trintech. For more information about E-Verify, including your rights and responsibilities, please visit www.everify
Full-Time