Vacancy caducado!
Want to work on a world-class team building life-changing financial products? Let me introduce you to Progrexion – that’s what we do every day.Based in downtown Salt Lake City, our team builds industry leading services that help consumers access, understand, and verify their credit reports are fair, accurate, and substantiated. Our services power the technology behind Lexington Law (an independently owned law firm), Credit.com, and CreditRepair.com. And the good news? We have a lot of fun while we do it.The successful candidate will demonstrate our Corporate Guiding Values of Integrity, Consumer Advocacy, Teamwork, Development, Quality and Performance in all areas of his/her work. This individual will have strong technical skills to ensure Progrexion’s information is safe at all times. Our ideal candidate will not only have a high business acumen, but will also have a technical background and ability to convey technical information into business terms.Progrexion is looking for a skilled Application Security Engineer to analyze software designs and implementations from a security perspective, and identify and resolve security issues. You will include the appropriate security analysis, defenses and countermeasures at each phase of the software development lifecycle, to result in robust and reliable software.Responsibilities
Strategize and outline goals and objectives of the application security program
Assist with application security efforts to meet PCI and other compliance requirements
Work directly with development teams and DevOps teams to ensure secure coding best practices are fully integrated with the Software Development Lifecycle
Gauge and prioritize risk on identified vulnerabilities
Design and implement static application security testing (SAST) and dynamic application security testing (DAST) tools and methodologies into the SDLC
Help train developers with secure coding techniques to mitigate the need for break-fix/out-of-band patching
Perform on-going security testing and code review to improve software security
Troubleshoot and debug issues that arise with SAST and DAST tools
Provide engineering designs for new software solutions to help mitigate security vulnerabilities
Maintain technical documentation on processes and policies
Develop a familiarity with new tools and techniques in the industry
Support the rest of the security engineers as needed – flexibility is a must
Qualifications
Bachelor's Degree or equivalent in Computer Science, Computer Engineering, Information Technology, or related field
2+ years of experience in application security or direct development experience related to a secure SDLC
Proven work experience as a Software Security Engineer or Software Engineer with a passion for secure coding
Detailed technical knowledge of techniques, standards and state-of-the art capabilities for authentication and authorization, applied cryptography, security vulnerabilities and remediation
Familiarity with the OWASP Top 10
Experience with threat modeling methodologies
Software development experience in two of the following core languages: Python, Java, PHP, JS, Angular JS
Knowledge of web related technologies (Web applications, Web Services and Service Oriented Architectures) and of network/web related protocols
Experience designing, testing or auditing technical application security controls
Working knowledge of and demonstrated experience with PCI Data Security Standard (PCI DSS)
Demonstrated knowledge of project management methodologies (Agile, Waterfall)
Ability to work in a fast-paced environment
Must exhibit excellence in partnering, teamwork, and quality performance
Able to effectively give, receive, and respond to feedback
Excellent oral and written communication skills with the ability to communicate security concepts to a technical and non-technical audience including senior management
Demonstrated ability to establish relationships and build rapport to influence colleagues at all levels, uncover issues, and identify needs
Preferred Qualifications
Experience with tokenization of payment cards and/or credit report data
GWAPT certification a plus
OSCP Certification a plus
Mobile application experience a plus
ID: 2020-3783 Created Date: 9/16/2020 Street: 257 East 200 South
Vacancy caducado!