Application Security Engineer

Company: Trintech, Inc.

Location: Plano, TX 75025

Description:

Trintech's Application Security (AppSec) team is seeking an ambitious self-starter and team player to work in our cross-functional team, adopting software industry best practices and contributing to quality assurance and the overall development of our security platform. The candidate should have experience with application security, secure coding, and application architecture. The candidate will ensure that our programs maintain the most stringent application security principles through adherence to the mature Secure SDLC process our customers expect.

The Application Security (AppSec) Engineer will report directly to the Application Security Architect.

What You'll Do
  • Serve as a subject matter expert on internal product security engineering questions and requests
  • Build and automate secure SDLC controls and best practices in an agile, CI/CD-focused environment
  • Work with Product and Engineering teams to help design secure products
  • Work with developers to prioritize and remediate identified security vulnerabilities
  • Lead efforts to implement and maintain security policies and remediation processes
  • Balance security risk and product advancement within the parameters of the business
  • Conduct internal penetration tests on new application features
  • Identify risks and areas of exposure in applications, our development process and architecture
  • Perform security reviews of source code, stored procedures, datastores, and server/service configurations
  • Oversee development of security components throughout all stages of the SDLC
  • Monitor industry trends and threat landscape and recommend necessary controls or countermeasures
  • Educate developers on secure coding techniques and security best practices
  • Work with QA engineers to implement security testing
  • Participate in development of security policies, standards, and processes
  • Assist with application-related forensics activities

Requirements
  • 5 years' total experience in relevant domains
  • Bachelor's degree in Computer Science or equivalent
  • Strong understanding of the software development lifecycle and Agile development methodologies
  • Knowledge of common application vulnerabilities (e.g., XSS, CSRF, SQL injection, cookie/header/encoding manipulation, input/output validation, session replay)
  • Ability to identify security vulnerabilities from source code reviews and testing
  • Familiarity with penetration testing tools (e.g., Burp, Paros, Fiddler, Havij, netcat). Ability to write proof-of-concept exploits is a big plus.
  • Knowledge of encryption technologies, secure communications, and secure credentials management
  • Advanced written and verbal communication skills, including the ability to present technical subjects to non-technical audiences
  • Self-directed and capable of working in a dynamic environment

Preferred Qualifications
  • OSCP / OSWE certified
  • Experience developing software on a team
  • Experience working with cloud platforms (Azure, AWS, Google Cloud, or similar)
  • Knowledge of Azure DevOps platform
  • Experience with bug bounty programs
  • Familiarity with technical security controls, guidelines, and frameworks outlined by standards such as SOC2, ISO 27001/27002, etc.

What We Offer

  • Open Time Off
  • Hybrid and remote work options
  • Comprehensive healthcare and wellness programs
  • 100% company-paid volunteer time
  • 401k with a company match
  • Pet Insurance
  • Tuition/Continuing Education reimbursement program


At our core, Trintechers stand committed to fostering a culture rooted in our core values - Humble, Empowered, Reliable, and Open. Together, these values guide our actions, define our identity, and inspire us to continuously strive for excellence in everything we do.

Should you require accommodations at any stage of the recruitment process, please send your requirements to recruiting@trintech.com and we will work with you to accommodate your needs.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Trintech, Inc. is a participant in the federal E-Verify program. This program allows employers to confirm the eligibility of their employees to work in the United States through an electronic verification process.

As required by law, we will verify the identity and employment eligibility of all persons hired to work at Trintech. For more information about E-Verify, including your rights and responsibilities, please visit www.e-verify.gov
