北京数联东方科技有限公司

Sr. Application Security Engineer

Shanghai, Shanghai, CN

2 days ago

Summary

This position is sourced from Liepin (猎聘).

The Sr. Application Security Engineer is a key member of the Information Security team at Green Dot Corporation.

The Engineer is primarily responsible for leading the development, implementation, maintenance and training of the Application Security program across all IT development groups.

Responsibilities

  • Enhance the Application Security program through a very close collaboration with all Green Dot development teams.
  • Review application security controls and designs prior to live implementations of new features or products.
  • Plan, coordinate, and lead teams tasked with the design, integration, development, validation and implementation of specific security policies, systems and services.
  • Evaluate new security technology and trends, and make recommendations to strengthen our information security environment.
  • Identify application security risks and requirements for new projects and system developments.
  • Develop security test plans and integrate into the software development lifecycle.
  • Perform/oversee security testing and manage remediation of identified vulnerabilities.
  • Monitor and proactively report on current threats and vulnerabilities to application security.
  • Create the necessary documentation that codifies the Application Security program. This will include the development of secure coding policies, procedures and standards, modification of the SDLC to include the necessary Security Checkpoints, code review methodologies, etc.
  • Work with 3rd party suppliers to promote secure design and security testing.
  • Lead the assessment and acquisition of application security tools and technologies.
  • Participate as a subject matter expert in the Green Dot incident response program.
  • Attend design and application architectural reviews and actively lead the discussions from a security standpoint.
  • Mentor junior members of the Application Security team.
  • Update and lead the training programs used to train developers on secure code development practices.
  • Evaluate application development and implementation activities for possible vulnerabilities.
  • Identify gaps in compliance with PCI-DSS, GLBA, and SOX.
  • Work very closely with development teams, product owners, and other groups in IT.
  • Perform other duties as needed.

Requirements

  • Minimum 5 years of application security experience
  • Bachelor’s degree in computer science or related field, or equivalent work experience
  • In depth knowledge of application security vulnerabilities, testing techniques, and the OWASP framework.
  • Understanding of Agile Scrum development methodologies.
  • In depth understanding of secure web application development, .NET, C#, web services and SOAP.
  • In depth knowledge of SQL database architectures and database query languages.
  • In depth knowledge of regulations and security compliance requirements such as PCI DSS, GLBA, and SOX.
  • Good communication in English, both oral and written (presentations, technical reports and proposals).
  • Strong analytical, evaluative, and problem-solving abilities.
  • Experience with Fortify, Acunetix, ZAP, Burp Suite, Dependabot is preferred.
  • Security qualifications, CISSP and/or CCSP certification preferred.
  • Familiarity with cryptographic principles and common encryption schemes such as symmetric/asymmetric encryption, hashing, SSL/TLS, IPSec, PGP, S/MIME, SSH, PKI.
  • Extensive application development and coding experience combined with a very deep understanding of Information Security and Secure Coding principles.
