Application Security Engineer
Description

ESSENTIAL DUTIES AND RESPONSIBILITIES

The essential functions include, but are not limited to, the following:

Serve as a subject matter expert on internal product security engineering questions and requests
Build and automate secure SDLC controls and best practices in an agile, CI/CD-focused environment.
Work with Product and Engineering teams to help design secure products
Work with developers to prioritize and remediate identified security vulnerabilities
Lead efforts to implement and maintain security policies and remediation processes
Balance security risk and product advancement within the parameters of the business
Conduct internal penetration tests on new application features
Identify risks and areas of exposure in applications, our development process and architecture.
Perform security reviews of source code, stored procedures, datastores, and server/service configurations.
Oversee development of security components throughout all stages of the SDLC.
Monitor industry trends and threat landscape and recommend necessary controls or countermeasures.
Educate developers on secure coding techniques and security best practices.
Work with QA engineers to implement security testing
Participate in development of security policies, standards, and processes.
Assist with application-related forensics activities

Minimum Qualifications (Knowledge, Skills, and Abilities)

5 years’ total experience in relevant domains
Bachelor’s degree in Computer Science or equivalent
Strong understanding of the software development lifecycle and Agile development methodologies
Knowledge of common application vulnerabilities (e.g., XSS, CSRF, SQL injection, cookie/header/encoding manipulation, input/output validation, session replay).
Ability to identify security vulnerabilities from source code reviews and testing.
Familiarity with penetration testing tools (e.g., Burp, Paros, Fiddler, Havij, netcat). Ability to write proof-of-concept exploits is a big plus.
Knowledge of encryption technologies, secure communications, and secure credentials management.
Advanced written and verbal communication skills including ability to present technical subjects to non-technical audiences.
Self-directed and capable of working in a dynamic environment.
OSCP / OSWE certified preferred
Experience developing software on a team preferred
Experience working with cloud platforms (Azure, AWS, Google Cloud, or similar) preferred
Knowledge of Azure DevOps platform preferred
Experience with bug bounty programs preferred
Familiarity with technical security controls, guidelines, and frameworks outlined by standards such as SOC2, ISO 27001/27002, etc. preferred

What We Offer

Open paid time off
Hybrid schedule
Comprehensive healthcare and wellness programs
100% company-paid volunteer time
401k with a company match
Pet Insurance
Tuition/Continuing Education reimbursement program

At our core, Trintechers stand committed to fostering a culture rooted in our core values – Humble, Empowered, Reliable, and Open. Together, these values guide our actions, define our identity, and inspire us to continuously strive for excellence in everything we do.

Should you require (or need) accommodations throughout any stage of the recruitment process, please provide your requirements to recruiting@trintech.com and we will work with you to accommodate your needs.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Trintech Inc. is a participant in the federal E-Verify program. This program allows employers to confirm the eligibility of their employees to work in the United States through an electronic verification process.

As required by law, we will verify the identity and employment eligibility of all persons hired to work at Trintech. For more information about E-Verify, including your rights and responsibilities, please visit www.e-verify.gov

Equal Opportunity Employer

This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.