Information Security Engineer III
As an Information Security Engineer III, you will work on securing applications across InComm Payments by integrating security tools into CI/CD pipelines, conducting threat modeling, and supporting incident response. Ideally, you will have 5+ years of application security experience, strong scripting and cloud security skills (Azure, AWS, OCI), and hands‑on knowledge of SAST/DAST tools, WAFs, and penetration testing. The role also involves collaborating with development teams, leading security initiatives, and ensuring compliance with industry standards.
Responsibilities:
- Integrate SAST tooling into CI/CD pipelines, ensuring compatibility and productive scanning within development workflows.
- Provide tailored SAST integration support for development teams at varying maturity levels with diverse toolsets and security requirements.
- Analyze application logs for anomalous patterns, communicate findings to leadership, and persuade them to take appropriate action.
- Participate in on‑call rotation in support of WAF incidents.
- Validate security vulnerabilities identified by automated tools and fine‑tune configurations to minimize false positives and reduce noise.
- Develop threat models with development teams to help expose risks in their deliverables.
- Conduct regular assessments of security configurations and controls within Azure, AWS, and OCI environments.
- Incident Response: Assist in investigating security incidents with CSOC and implementing corrective actions.
- Participate in application design and architectural reviews.
- Facilitate activities such as blue/red team events and bug bounty programs.
- Lead prioritization discussions to gain traction on important security issues.
- Act as a liaison with 3rd parties performing vulnerability scans and penetration testing to validate findings and inform priorities and strategies for remediation.
- Draft, evaluate, and monitor compliance with application and development security standards.
- Ensure development teams are validating for OWASP Top 10 and performing industry‑leading application security practices.
Qualifications:
- 5+ years of application security experience.
- Strong background with CI/CD processes and associated tooling, such as Jenkins, GitHub Actions, Azure Pipelines, or similar.
- Extensive experience with SAST & DAST application scanning tools and knowledge of OWASP methodologies.
- Application security experience with high level programming languages (e.g., Java, C, C++, C#, VB, .NET, ASP.NET, ASP, PHP, J2EE, JSP).
- Experience with Container technologies – Docker, Docker Swarm, Kubernetes.
- Experience in cloud security, specifically with Azure, AWS, and OCI, preferably in the Fintech or related sectors and multi‑cloud environments.
- Knowledge of Web Application Firewalls (WAF).
- Experience with Identity and Access Management security solutions and protocols (e.g., SAML, OpenID, and OAuth).
- Experience with performing web, API, and mobile manual penetration testing; preparing reports to document findings; and presenting the report to development teams.
- Familiarity with regulatory controls and industry best practices such as HIPAA, PCI, HiTrust, NIST etc.
- Conduct regular assessments of security configurations and controls within Azure, AWS, and OCI environments.
- Incident Response: Assist in investigating security incidents and implementing corrective actions.
- Communication skills to create documentation, videos and conduct training classes.
- Ability to manage multiple tasks simultaneously and meet established deadlines.
- Ability to collaborate with IT teams on security‑related tasks and projects.
- Ability to work productively while remote and communicate effectively in a virtual team environment.
- Ability to stay current with new technology.
#J-18808-Ljbffr