Application Security Engineer I
- Pos. Category: Information Technology
- Location (City): Salt Lake City
- Location (State/Province)
- Created Date
- Regular Full-Time
Want to work on a world-class team building life-changing financial products? Let me introduce you to Progrexion – that’s what we do every day.
Based in downtown Salt Lake City, our team builds industry-leading services that help consumers access and understand their credit reports and verify that they are fair, accurate, and substantiated. Our services power the technology behind Lexington Law (an independently owned law firm), Credit.com, and CreditRepair.com. And the good news? We have a lot of fun while we do it.
The successful candidate will demonstrate our Corporate Guiding Values of Integrity, Consumer Advocacy, Teamwork, Development, Quality and Performance in all areas of his/her work. The Identity & Access Management Engineer will be a highly skilled individual who manages authentication, authorization and privileges across the enterprise. This individual will have strong technical skills to ensure Progrexion’s information is safe at all times. Our ideal candidate will not only have high business acumen, but will also have a technical background and the ability to translate technical information into business terms.
Progrexion is looking for a skilled Application Security Engineer to analyze software designs and implementations from a security perspective, and to identify and resolve security issues. You will include the appropriate security analysis, defenses and countermeasures at each phase of the software development lifecycle, resulting in robust and reliable software.
- Strategize and outline goals and objectives of the application security program
- Assist with application security efforts to meet PCI and other compliance requirements
- Work directly with development teams and DevOps teams to ensure secure coding best practices are fully integrated with the Software Development Lifecycle
- Gauge and prioritize risk on identified vulnerabilities
- Design and implement static application security testing (SAST) and dynamic application security testing (DAST) tools and methodologies into the SDLC
- Help train developers with secure coding techniques to mitigate the need for break-fix/out-of-band patching
- Perform ongoing security testing and code review to improve software security
- Troubleshoot and debug issues that arise with SAST and DAST tools
- Provide engineering designs for new software solutions to help mitigate security vulnerabilities
- Maintain technical documentation on processes and policies
- Develop a familiarity with new tools and techniques in the industry
- Bachelor's Degree or equivalent in Computer Science, Computer Engineering, Information Technology, or related field
- 2+ years of experience in application security or direct development experience related to a secure SDLC
- Proven work experience as a Software Security Engineer or Software Engineer with a passion for secure coding
- Detailed technical knowledge of techniques, standards and state-of-the-art capabilities for authentication and authorization, applied cryptography, security vulnerabilities and remediation
- Familiarity with the OWASP Top 10
- Experience with threat modeling methodologies
- Software development experience in two of the following core languages: Python, Java, PHP, JS, Angular JS
- Knowledge of web related technologies (Web applications, Web Services and Service Oriented Architectures) and of network/web related protocols
- Experience designing, testing or auditing technical application security controls
- Working knowledge of and demonstrated experience with PCI Data Security Standard (PCI DSS)
- Demonstrated knowledge of project management methodologies (Agile, Waterfall)
- Ability to work in a fast-paced environment
- Must exhibit excellence in partnering, teamwork, and quality performance
- Able to effectively give, receive, and respond to feedback
- Excellent oral and written communication skills with the ability to communicate security concepts to a technical and non-technical audience including senior management
- Demonstrated ability to establish relationships and build rapport to influence colleagues at all levels, uncover issues, and identify needs
- Experience with tokenization of payment cards and/or credit report data
- GWAPT certification a plus
- Cloud Security certifications a plus
- OSCP Certification a plus
- Web application pentesting experience a plus
- Mobile application experience a plus
The job description is not designed to cover or contain a comprehensive listing of required duties or responsibilities. Other duties, responsibilities and activities may change or be assigned at any time with or without notice.