Application Security Analyst - Remote
Portsmouth, New Hampshire, United States
Applications have closed
Bottomline Technologies
Your customers want an engaging payment experience. Bottomline can help. Bottomline is at the forefront of digital transformation. We are a growing global market leader uniquely equipped to address the changing needs of how businesses pay and get paid. Our culture of working with and for each other enables us to delight our customers. We empower our teams to think like owners driving customer delight, helping them grow their business and win in their markets.
Bottomline Technologies is seeking an Application Security Engineer to join its global security team. This position shall be dedicated to collaborating with the Bottomline product owners and development teams to ensure that software security controls and testing are integrated throughout the software development lifecycle. The Software Security Engineer works closely with team members to define software security best practices, performs software security tests, and supports the identification, interpretation, and remediation of security vulnerabilities across a variety of platforms.
This position can be based out of a remote location within the US, East Coast preferred.
How you’ll contribute:
- Accountable for the day-to-day operations of the Software Security program
- Collaborate with product development and solution delivery teams to provide expertise and support for information security matters
- Contribute to security planning, assessment, risk analysis, certification, and awareness activities with product teams and developers
- Continuously assess, measure, and monitor information security risk by performing software vulnerability assessments and penetration tests
- Identify weak or missing security controls and security vulnerabilities
- Actively manage and drive security vulnerability remediation efforts across the organization
- Research and evaluate current or emerging security technologies to support cybersecurity initiatives
- Maintain compliance with security policies, standards, and procedures
- Responsible for identifying and collecting relevant information security metrics
- Measure performance indicators of program activities and effectively communicate status to stakeholders
- Review existing policies and procedures and work with management to keep them updated
- Stay abreast of emerging threats and vulnerabilities, and be active in the security community
- Establish and maintain strong relationships with product teams and developers
What will make you successful:
- 0-2 years of experience in Software Security, Software Development, Security Operations or equivalent
- Relevant security testing certifications: CEH, OSCP, GPEN, GWAPT, GXPN or GMOB
- Web application vulnerability identification, including extensive OWASP knowledge, such as cross-site scripting (XSS), session hijacking, injection, CSRF, and other attack vectors
- Penetration testing techniques to find remote code execution, buffer overflow, privilege escalation, database injection, exploiting payloads, path injection, etc.
- Strong knowledge and experience with static and dynamic code security assessment tools
- Knowledge of Secure Software Development Lifecycle frameworks and processes
- Java & JavaScript development
- Strong understanding of cryptography and commonly used protocols
- Ability to support off-hours, weekends, and holidays if needed in support of critical projects
- Bachelor’s degree in Computer Science or technology-related field, or equivalent work experience
Preferred Skills:
- Application security testing tools such as Veracode, HCL AppScan, and Qualys
- Experience working with continuous integration and continuous delivery (CI/CD) pipeline automation
- Administration and hardening of Linux and Windows systems
- Working knowledge of Docker, Kubernetes, Puppet, and Terraform
- Strong understanding of industry standards and frameworks (NIST, ISO, CIS, OWASP, PCI DSS)
- Good understanding of FFIEC, GDPR, GLBA, and HIPAA regulations
- Experience working with AWS and Azure solutions
- Experience working in a financial technology, banking or financial services environment
You’ll love Bottomline because in everything we do we seek to delight our customers and we are passionate about building a company of which we can all be proud, and this starts with building amazing teams filled with team members that challenge you every day.
Tags: Application security Automation AWS Azure Banking CEH CI/CD Compliance Computer Science Cryptography CSRF Docker GDPR GMOB GPEN GWAPT GXPN HIPAA Java JavaScript Kubernetes Linux NIST OSCP OWASP PCI DSS Pentesting Puppet Qualys Risk analysis Scripting Security assessment Terraform Veracode Vulnerabilities Windows XSS
Perks/benefits: Team events