Log In
Sign Up
REMOTE POSITION
The Application Security Engineer position is focused on performing application security testing, design, and working in partnership with development teams throughout the organization. The scope of responsibility includes, but is not limited to static and dynamic application security testing, penetration testing, maturing the software development life cycle, and API security testing.Successful candidates will be able to review application code and development environments for security concerns and best practices; making recommendations and assisting development teams in implementing recommendations from those assessments.
* Operate as a liaison between the Security Team and the Development Teams.
* Ensure developers and QA departments are trained with the appropriate level of security knowledge to perform their daily activities.
* Preserve PCI and SOX Security Certification programs as they relate to applications working with, transforming, or processing regulated and non-regulated data.
* Provide periodic security briefings and threat assessments as required along with written reports.
* Work with other staff to perform periodic scans and assessments.
* Assist in identifying and communicating security exposures, security incidents. Duties may also include participating in collecting and documenting cyber security and incident response data.
* Support incident response and architecture review whenever applications security expertise is needed.
* Integrate threat modeling practices into the SDLC
* Produce metrics reporting the state of application security programs and the performance of development teams against those requirements.
* Perform other duties as required
* Bachelors in Information Technology or related field is preferred.
* Prefer generally-accepted Industry InfoSec certifications such as CASE, CSSLP, CEH, Security+
* Minimum of five years of IT experience with at least three being in Information Security.
* Strong communication skills; ability to convey and document security guidelines, requirements, and coding best practices.
* Working knowledge of typical encryption and encrypted communication code solutions for data in transit and at rest.
* Ideal candidate will have experience in securing off-premise network resources, including colocation sites, remote data centers, Amazon Web Services and/or Azure.
* Candidate should have basic knowledge and working experience with Linux, Windows, VMware, and other operating systems and applications typically found in an enterprise corporate environment having remote locations.
* Familiarity with Security Best Practices in common coding languages such as (List Languages we use here)
* Strong logical and analytical thinker; exceptional skills in security systems solutions.
* Ability to work both independently and as part of a local and/or remote technology team.
* Attention to detail and demonstrated history of using careful approaches to tasks being performed.
* Can anticipate risks and mitigate issues in the moment.
* Experience and familiarity with the following:
o Kali Linux toolsets
o Risk management methodologies
o Threat Hunting
o Simulated threat skillsets (Red / blue teaming)
o DDoS knowledge
o Malware analysis
o Application Penetration Testing
o API Security Testing
o Software Development Life Cycle Design and Implementation
o Static and Dynamic Application Testing Tools and Methods
o Container and orchestration security (Kubernetes, Docker, Octopus, Github, etc)
o Familiarity with firmware security
o Familiarity with Application Security Testing Frameworks such as OWASP
————————-
This role requires the ability to work from home in a virtual environment, where the following is required;
reliable high-speed internet access (hotspot not acceptable)
dedicated distraction-free home work environment
COMPANY OVERVIEW:
CPI Card Group is a payment technology company and leading provider of credit, debit and prepaid solutions delivered physically, digitally and on-demand. CPI helps our customers foster connections and build their brands through innovative and reliable solutions, including financial payment cards, personalization and fulfillment, and Software-as-a-Service (SaaS) instant issuance. CPI has more than 20 years of experience in the payments market and is a trusted partner to financial institutions and payments services providers. Serving customers from locations throughout the United States, CPI has a large network of high security facilities, each of which is certified by one or more of the payment brands: Visa, Mastercard, American Express and Discover. Learn more at [
The health and safety of our employees continues to be a top priority at CPI Card Group as we face the challenges associated with the COVID-19 pandemic. Across our production and fulfillment facilities we have implemented procedures such as enhanced cleaning, daily temperature checks, social distancing measures, and required face masks for all individuals onsite in our facilities. We also continue to monitor federal, state and local health and safety guidelines and requirements to adjust our procedures as necessary. These are just a few examples of our commitment to the safety and health of our workplaces.
BENEFITS
Competitive pay rates and an inclusive, empowering and rewarding culture.
Solid benefits package including Medical, Dental, Vision, Long Term Disability, Short Term Disability, Life Insurance, Accident Insurance, Critical Illness Insurance, FSA, HSA, Vacation and Holiday Pay, Tuition Reimbursement and 401K with a competitive company match percentage.
CPI is an EEO Employer. A complete background including drug screen is contingent upon hire
IT & Telecoms
