Application Security Engineer

Plano, Texas, United States

Trintech

Our cloud-based financial close and account reconciliation software enables F&A professionals to deliver a more streamlined and accurate financial close.


Trintech’s Application Security (AppSec) team is seeking an ambitious, self-starting team player to work in our cross-functional team, contributing to software industry best practices, quality assurance, and the overall development of our security platform. The candidate should have experience with application security, secure coding, and application architecture. The candidate will ensure that our programs maintain the most stringent application security principles through adherence to the mature Secure SDLC process expected by our customers.

The Application Security (AppSec) Engineer will report directly to the Application Security Architect.

What You'll Do

• Serve as a subject matter expert on internal product security engineering questions and requests
• Build and automate secure SDLC controls and best practices in an agile, CI/CD-focused environment.
• Work with Product and Engineering teams to help design secure products
• Work with developers to prioritize and remediate identified security vulnerabilities
• Lead efforts to implement and maintain security policies and remediation processes
• Balance security risk and product advancement within the parameters of the business
• Conduct internal penetration tests on new application features
• Identify risks and areas of exposure in applications, our development process and architecture.
• Perform security reviews of source code, stored procedures, datastores, and server/service configurations.
• Oversee development of security components throughout all stages of the SDLC.
• Monitor industry trends and threat landscape and recommend necessary controls or countermeasures.
• Educate developers on secure coding techniques and security best practices.
• Work with QA engineers to implement security testing
• Participate in development of security policies, standards, and processes.
• Assist with application-related forensics activities.

Requirements

• 5 years’ total experience in related domains
• Bachelor’s degree in Computer Science or equivalent
• Strong understanding of the software development lifecycle and Agile development methodologies
• Knowledge of common application vulnerabilities (e.g., XSS, CSRF, SQL injection, cookie/header/encoding manipulation, input/output validation, session replay).
• Ability to identify security vulnerabilities from source code reviews and testing.
• Familiarity with penetration testing tools (e.g., Burp, Paros, Fiddler, Havij, netcat). Ability to write proof-of-concept exploits is a big plus.
• Knowledge of encryption technologies, secure communications, and secure credentials management.
• Advanced written and verbal communication skills including ability to present technical subjects to non-technical audiences.
• Self-directed and capable of working in a dynamic environment.

Preferred Qualifications

• OSCP / OSWE certified
• Experience developing software on a team
• Experience working with cloud platforms (Azure, AWS, Google Cloud, or similar)
• Knowledge of Azure DevOps platform
• Experience with bug bounty programs
• Familiarity with technical security controls, guidelines, and frameworks outlined by standards such as SOC2, ISO 27001/27002, etc.

What We Offer

• Open Time Off
• Hybrid and remote work options
• Comprehensive healthcare and wellness programs
• 100% company-paid volunteer time
• 401k with a company match
• Pet Insurance
• Tuition/Continuing Education reimbursement program

At our core, Trintechers stand committed to fostering a culture rooted in our core values – Humble, Empowered, Reliable, and Open. Together, these values guide our actions, define our identity, and inspire us to continuously strive for excellence in everything we do.

Should you require (or need) accommodations throughout any stage of the recruitment process, please provide your requirements to recruiting@trintech.com and we will work with you to accommodate your needs.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Trintech Inc. is a participant in the federal E-Verify program. This program allows employers to confirm the eligibility of their employees to work in the United States through an electronic verification process.

As required by law, we will verify the identity and employment eligibility of all persons hired to work at Trintech. For more information about E-Verify, including your rights and responsibilities, please visit www.e-verify.gov.

 


Tags: Agile Application security AWS Azure CI/CD Cloud Computer Science CSRF DevOps Encryption Exploits Forensics GCP ISO 27001 OSCP OSWE Pentesting Product security SDLC SOC 2 SQL SQL injection Vulnerabilities XSS

Perks/benefits: 401(k) matching Insurance Wellness

Region: North America
Country: United States
