Application Security Engineer

About Planet 

Planet is a global provider of integrated technology and payments solutions for retail and hospitality customers.  

We create great experiences for the millions of people who use our payments, software, and tax-free solutions every minute of every day. 

Planet empowers its customers to deliver great customer experiences by combining payments and software in ways that drive greater loyalty, increase revenue and save time. 

Founded over 35 years ago and with our headquarters in London, today we have more than 2,500 employees located across six continents serving our customers in more than 120 markets. 

Role Overview:
As an Application Security Engineer, you will be responsible for ensuring the security of web applications, APIs, and mobile applications (APKs). You will work closely with Product and Engineering teams to conduct threat modeling for new applications, embedding security into the development lifecycle and enabling a ‘shift left’ approach to secure engineering practices. Additionally, you will empower engineering teams to write secure code by providing guidance, implementing security best practices, and conducting application security testing, including penetration testing, to proactively identify and mitigate vulnerabilities.

What you will do:

• Collaborate with product and engineering teams to integrate security good practice, and threat modelling into the software development lifecycle.
• Continuously improve security testing methodologies, processes and tools (SAST and DAST) with the Engineering teams.
• Conduct comprehensive manual penetration tests on web applications, APIs, and mobile applications (APKs) to identify vulnerabilities.
• Work with Product and Engineering teams to manage vulnerabilities and security penetration test findings from discovery to timely remediation.
• Perform segmentation tests to ensure proper network segmentation and isolation of critical assets.
• Support the definition and implementation of security requirements for new solutions.
• Enable teams compliance to comply with industry standards and regulations including PCI DSS.

Who you are:

• Minimum 3 years of experience in application security or related roles.
• Proficiency in using application security tools such as Nexpose, Tenable, Rapid7, OpenVAS, Invicti, DASTerdly, Snyk, Checkmarx, Sonar and penetration testing tools such as Burp Suite, Metasploit, etc.
• Preferred certifications include eWPT, PNPT, OSCP, CISSP, GWAPT, or similar.
• Great awareness of cybersecurity trends and hacking techniques. Knowledge of IT general controls, and of standards and methodologies related to OWASP, PTES, NIST, CIS, PCI DSS, ISO 27001.
• A clear understanding of pentest methodologies.
• Promote a culture of security within the organization.
• Ability to work under pressure in a fast-paced environment.
• Strong attention to detail with an analytical mind and outstanding problem-solving skills.
• Excellent communication skills, both verbal and written.
   

Why Planet: 

Planet is an equal opportunity employer where diversity is valued, and all employment is decided based on qualifications, merit, and business need. 

Come and grow your career in the most exciting, fast paced technology market, with a business that delivers feel-good connected commerce. We would love to hear from you – Apply now.

At Planet, we embrace a hybrid work model, with three days a week in the office.
 

Reasonable accommodations may be made in order to allow for an individual to perform the essential functions of this role successfully.