Job Information

InComm Application Security Engineer III in Sandy, Utah

Overview

Leveraging deep integrations into retailers’ point-of-sale systems, InComm provides connectivity to a variety of service providers that allow consumers to conduct everyday business at more than 450,000 points of retail distribution worldwide. Whether those consumers are activating prepaid products, paying bills, enjoying real-time discounts through a membership card, purchasing digital goods in-store or adding funds to an online account, InComm is there to provide unique gift-giving opportunities, cater to on-the-go shoppers, deliver added value through loyalty programs and serve cash-based consumers. With 186 global patents, InComm is headquartered in Atlanta with a presence in over 30 countries in North and South America, Europe and the Asia-Pacific region.

About This Opportunity

We are currently looking for a strong Application Security Engineer III to train and mentor the development teams on secure coding practices, work with developers to identify weaknesses, verify security vulnerabilities, and facilitate training exercises and presentations. We are looking for someone with a background in programming, the creativity to find vulnerabilities and risks in our applications, and experience with scanning tools like Qualys or Nessus.

Responsibilities

  • Experience with vulnerability and application scanning tools (e.g., Qualys, Nessus, Rapid7, Burp Suite)

  • Application security experience with high-level programming languages (e.g., Java, C, C++, C#, VB, .NET, ASP.NET, ASP, PHP, J2EE, JSP)

  • Programming background and working experience in SDLC and software development tools such as Eclipse, Jenkins or similar

  • Experience with static analysis tools (e.g., HP Fortify, Coverity, Checkmarx) and knowledge of OWASP tools and methodologies.

  • Experience with Cloud Service Providers (Azure and/or AWS)

  • Security certifications, such as CISSP, CEH, OSCP, CISA, are desirable

  • Communication skills to create documentation, videos and conduct training classes

  • Evaluate and implement tools/frameworks/services supporting secure software delivery and monitoring

  • Verify security vulnerabilities identified by automated tools and configure tools to reduce noise

  • Develop threat models with development teams to help expose risks in their deliverables

  • Participate in application design and architectural reviews

  • Train and mentor development teams on secure coding practices via regular code reviews, pair programming, and training exercises/presentations

  • Facilitate activities such as blue/red team events and bug bounty programs

  • Lead prioritization discussions to gain traction on important security issues

  • Act as a liaison with 3rd parties performing vulnerability scans and penetration testing to validate findings and inform priorities and strategies for remediation

  • Draft, evaluate, and monitor compliance with application and development security standards

  • Ensure teams are validating for OWASP and performing industry-leading application security practices.

Qualifications

  • 5 years in security application development or offensive security application testing.

  • Bachelor's degree in Cybersecurity, CS or Information Security preferred, or equivalent work experience

  • Security certification such as OSCP, CISSP, CEH, GSS

  • Experience with some of the following technologies:

      • JavaScript, React, NPM

      • .NET (C#, WCF, WPF, WF, EF) and other framework components

      • ASP.NET WebAPI

      • T-SQL, relational database schema and data modelling

      • Cloud architecture

      • Docker, Kubernetes, microservices

      • Apple Pay or Google Wallet

      • Incapsula

      • Veracode, IBM AppScan, Kenna Security Application Risk Module, WebInspect

  • Experience with vulnerability and application scanning tools (e.g., Qualys, Nessus, Rapid7, Burp Suite)

  • Programming background and working experience in SDLC and software development tools such as Eclipse, Jenkins or similar

  • Experience with static analysis tools (e.g., HP Fortify, Coverity, Checkmarx) and knowledge of OWASP tools and methodologies.

  • Experience with Cloud Service Providers (Azure and/or AWS)

  • Communication skills to create documentation, videos and conduct training classes

InComm provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity or national origin, citizenship, veteran’s status, age, disability status, genetics or any other category protected by federal, state, or local law.

*This position is eligible for the Employee Referral Bonus Program - Tier 4 - #LI-KH1

Type: Full-Time