Cybersecurity Engineer
Mentor, OH, United States
Applications have closed
CardinalCommerce
As an Application Cybersecurity Engineer you will analyze software designs and implementations from a security perspective and identify and resolve security issues. You will be responsible for the appropriate security analysis, defenses, and countermeasures at each phase of the software development lifecycle, to result in robust and reliable software. You will review findings from various security tools (Qualys, CheckMarx, BlackDuck, etc.) and will work to remediate or coordinate the dissemination of security findings to product teams.
What You'll Do:
● Development and support of applications, primarily in Java
● Identify, troubleshoot, and remediate security vulnerabilities within applications
● Help define and implement consistent secure software development lifecycle (SSDLC) practices for all technology projects
● Ensure end-to-end security of products by hands-on testing, hypothesizing threats, helping development teams remediating risks upfront and championing secure implementation efforts
● Improve secure coding practices, application security requirements, automation, training, and metrics
● Integrate threat modeling practices into the software development lifecycle
● Help build secure products and standards around emerging technologies and using existing standards and security practices
● Perform security architecture and low-level application security design review involving data protection, authentication and authorizations, web application security and network security
● Collaborate with product development and solution teams proactively to manage software security risk aligned with business goals
● Collaborate with product and solution teams to achieve software security program objectives
● Negotiate and bring consensus to diverse priorities of product development and solution teams
Additional Responsibilities:
● Develop and optimize processes to improve software development efficiency in the consumption of security development practices
● Maintain an active understanding of industry practices for secure software development and incident response
What we need you to have:
● Minimum of a bachelor’s degree in computer science, Information Technology, or other related field
o In lieu of degree, a high school diploma/equivalent with four or more years related experience and/or training or equivalent combination of education and experience will be considered
● 3+ years of work experience in the techniques, standards and state-of-the art capabilities for authentication and authorization, applied cryptography, security vulnerabilities and remediation
● Deep understanding of OWASP Top 10 and CWE 25; with a proven record in implementing and integrating remediation strategies
● Hands-on experience with software development in Java / C#, JavaScript and HTML
● Extensive knowledge of web applications, web servers, layer 7 application technologies, frameworks, and protocols with respect to application development and deployment
● Deep knowledge and experience with DAST, SAST, and fuzzing tools and techniques
● Experience with application design, penetration testing, application risk and risk categorization
What we would love you to have:
● Experience driving and implementing secure development practices into SSDLC; ability to successfully integrate security into a developer’s world
● Familiar with waterfall and agile development processes and have experience integrating secure development practices into both models
● CISSP, CEH, GCIH, similar security certifications
Work Hours: Varies upon the needs of the department.
Mental/Physical Requirements: This position will be performed in an office setting. The position will require the incumbent to sit and stand at a desk, communicate in person and by telephone, frequently operate standard office equipment, such as telephones and computers.
Visa is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.
Visa will consider for employment qualified applicants with criminal histories in a manner consistent with applicable local law, including the requirements of Article 49 of the San Francisco Police Code.
U.S. APPLICANTS ONLY: The estimated salary range for a new hire into this position is 97,300 - 124,000 USD, which may include potential sales incentive payments (if applicable). Salary may vary depending on job-related factors which may include knowledge, skills, experience, and location. In addition, this position may be eligible for bonus and equity. Visa has a comprehensive benefits package for which this position may be eligible that includes Medical, Dental, Vision, 401 (k), FSA/HSA, Life Insurance, Paid Time Off, and Wellness Program.
This position is headquartered out of the Visa/CardinalCommerce Mentor, OH location. To foster community, connection, and collaboration, it is expected that candidates adhere to a hybrid working model reporting to our office location 2-3x a week.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Agile Application security Automation C CEH Checkmarx CISSP Computer Science Cryptography DAST GCIH Incident response Java JavaScript Network security OWASP Pentesting Qualys SAST SDLC Security analysis Vulnerabilities
Perks/benefits: Equity Health care Insurance Salary bonus
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Security Operations Engineer jobs
- Open Information Security Specialist jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Senior Information Security Analyst jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Product Security Engineer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Senior Information Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Chief Information Security Officer jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Security Specialist jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Sr. Security Engineer jobs
- Open Security Researcher jobs
- Open Senior Security Architect jobs
- Open Security Operations Analyst jobs
- Open ISO 27001-related jobs
- Open Clearance-related jobs
- Open Windows-related jobs
- Open Application security-related jobs
- Open Network security-related jobs
- Open Agile-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open DevOps-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open Kubernetes-related jobs
- Open CI/CD-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open CEH-related jobs
- Open EDR-related jobs