Software Security Engineer

Bottomline is at the forefront of digital transformation. We are a growing global market leader uniquely equipped to address the changing needs of how businesses pay and get paid. Our culture of Working with and for each other enables us to delight our customers. We empower our teams to think like owners driving customer satisfaction, helping them grow their business and win in their markets.

We are looking for a Software Security Engineer to innovate, win, and grow with us.

This position shall be dedicated to collaborating with the Bottomline product owners and development teams to ensure that software security controls and testing are integrated throughout the software development lifecycle.  The Software Security Engineer works closely with team members to define software security best practices, performs software security tests, and supports the identification, interpretation, and remediation of security vulnerabilities across a variety of platforms.

Essential Job Functions

• Accountable for the day-to-day operations of the Software Security program
• Collaborate with product development and solution delivery teams to provide expertise and support for information security matters
• Contribute to security planning, assessment, risk analysis, certification, and awareness activities with product teams and developers
• Continuously assess, measure, and monitor information security risk by performing software vulnerability assessments and penetration tests
• Identify weak or missing security controls and security vulnerabilities
• Actively manage and drive security vulnerability remediation efforts across the organization
• Research and evaluate current or emerging security technologies to support cybersecurity initiatives
• Maintain compliance to security policies, standards, procedures
• Responsible for identifying and collecting relevant information security metrics
• Measure performance indicators of program activities and effectively communicate status to stakeholders
• Review existing policies and procedures and work with management to keep them updated
• Stay abreast of emerging threats, vulnerabilities, and be active in the security community
• Establish and maintain strong relationships with product teams and developers
• Proactively supports, trains, and motivates less experienced team members

Required Skills

• Self-starter with the ability to work independently and manage diverse priorities well
• Strong problem solving and analytical skills
• Ability to work in a results-oriented environment, understand complex systems, prioritize tasks, and meet deadlines with minimal supervision
• Team player with proven skills in influencing people without having direct management authority and motivating them to successfully complete tasks within required timeframes
• Must be able to learn and adapt quickly to ever changing requirements and priorities
• Excellent verbal and written communication skills including the ability to explain complex issues and processes in a concise manner that is appropriate for the intended audience
• Ability to support off-hours, weekends, and holidays if needed in support of critical projects
• Web application vulnerability identification, including extensive OWASP knowledge, such as cross-site scripting (XSS), sessions hijacking, Injection, CSRF, and other attack vectors.
• Penetration testing techniques to find Remote code execution, Buffer overflow, Privilege escalation, Database injection, Exploiting payloads, Path injection, etc.
• Strong knowledge and experience with static and dynamic code security assessment tools
• Knowledge of Secure Software Development Lifecycle frameworks and processes
• Java & JavaScript development
• Experience with scripting languages and text manipulation tools
• Strong understanding of cryptography and commonly used protocols

Preferred Skills

• Experience working with continuous integration and continuous delivery CI/CD pipeline automation
• Administration and hardening of Linux and Windows systems
• Working knowledge of Docker, Kubernetes, Puppet, and Terraform
• Strong understanding of industry standards and frameworks (NIST, ISO, CIS, OWASP, PCI DSS)
• Good understanding of GDPR, GLBA, and HIPAA regulations
• Experience working with AWS and Azure solutions

Education & Experience

• Bachelor’s degree in Computer Science or technology-related field or equivalent work experience required
• Relevant Security Testing certifications CEH, OSCP, GPEN, GWAPT, GXPN, or GMOB preferred
• 2-4 years of experience in Software Security, Software Development, Security Operations, or equivalent preferred
• Experience working in financial technology, banking, or financial services preferred

Bottomline is a participating employer in the Employment Verification (E-Verify) program EOE/AA/M/F/V/D/E-Verify Employer.

Bottomline Technologies is an Equal Employment Opportunity and Affirmative Action Employer.

You’ll love Botttomline because in everything we do we seek to delight our customers and we are passionate about building a company of which we can all be proud, and this starts with building amazing teams filled with team members that challenge you every day.

#LI-JH1