
Application Security Analyst - OpenEdge

Job Description

Summary:

Cyber Security Lead implements application security strategy based on OWASP Software Assurance Maturity Model, creates and enforces policy and guidelines, performs risk assessment and threat modeling for application portfolio, and tracks closure of security vulnerabilities as per defined SLAs. Serves as liaison with broader Information Security and Regulatory Compliance teams, participates in security audits, and mentors engineering teams on secure development.

Job Details:

  • Manage and enforce application and cloud security policy and guidelines
  • Classify applications by business risk and application-specific threat models
  • Define control requirements and gates as per application risk profile
  • Perform application security assessments and own application security requirements for product development
  • Review vulnerability scan results and track closure of vulnerabilities
  • Produce and track security metrics
  • Mentor and educate product development and quality engineers on secure development
  • Monitor and review CVEs, industry developments, and provide inputs for continuous improvement
  • Provide inputs to enhance enterprise architecture blueprint and SDLC to incorporate latest developments and changes in security landscape
  • Liaise with Information Security teams to design and implement security solutions across stacks and disciplines, prepare and execute incident response
  • Liaise with the compliance team on security requirements from regulatory, PCI, and card brand perspective
  • Lead certification efforts for PCI Secure Software Life Cycle Standard
  • Participate and provide relevant inputs and evidence for internal and external security audits

Requirements:

  • A minimum of 5 years' experience in cyber security risk analysis and threat modelling.
  • Experience working with DREAD and/or FAIR frameworks preferred
  • Knowledge of Software Security Assurance frameworks, preferably OWASP SAMM
  • Knowledge of secure coding best practices, secure SDLC, secure architecture, and operations
  • In-depth understanding of the OWASP Top 10 Critical Web Application Security Risks, their identification, and the architecture, design, and coding patterns to mitigate them
  • Experience with vulnerability results analysis and recommended corrective actions
  • Experience with SAST, DAST, software composition analysis, and binary fuzzing tools and techniques
  • Experience working with security of applications developed in C#, Java, and web (HTML, CSS, JS, React, REST) technologies
  • Experience creating and managing policy, processes and procedure documents
  • Working knowledge of network/infrastructure security technologies (firewall, IDS/IPS, WAF)
  • Strong analytical, interpersonal and communication skills
  • Ability to train and mentor agile development teams
  • Experience with Fortify On Demand, Burp Suite preferred
  • Knowledge of PCI standards preferred
  • Relevant industry security certification preferred

Global Payments Inc. is an equal opportunity employer.

Global Payments provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex (including pregnancy), national origin, ancestry, age, marital status, sexual orientation, gender identity or expression, disability, veteran status, genetic information or any other basis protected by law. Those applicants requiring reasonable accommodation to the application and/or interview process should notify a representative of the Human Resources Department.

Job Snapshot

Location: US-UT-Lindon
Employment Type: Full-Time
Pay Type: Year
Pay Rate: N/A
Store Type: IT & Technical

Company Overview

Global Payments Inc.

Global Payments has been a market leader in the U.S. since the 1960s when its former parent company, National Data Corporation, pioneered a specialized data processing system. For over 50 years, Global Payments has been delivering innovative payment solutions. Our software-driven, technology-enabled solutions are leading our customers into the future. Headquartered in Atlanta, Georgia with more than 10,000 employees worldwide, Global Payments is a member of the S&P 500 with customers and partners in 30 countries throughout North America, Europe, the Asia-Pacific region and Brazil.

Contact Information

US-UT-Lindon