Application Security Engineer

Job Summary: Trintech’s Application Security (AppSec) team is seeking an ambitious self-starter and team player to work in our cross-functional team, adopting software industry best practices, quality assurance, and overall development of our security platform. The candidate should have experience with application security, secure coding, and application architectures. The candidate will ensure that our programs maintain the most stringent of application security principles through adherence to a mature Secure SDLC process expected from our customers. The Application Security (AppSec) Engineer will report directly to the Application Security Architect.

Essential Duties & Responsibilities

  • Serve as a subject matter expert on internal product security engineering questions and requests.
  • Build and automate secure SDLC controls and best practices in an agile, CI/CD-focused environment.
  • Work with Product and Engineering teams to help design secure products.
  • Work with developers to prioritize and remediate identified security vulnerabilities.
  • Lead efforts to implement and maintain security policies and remediation processes.
  • Balance security risk and product advancement within the parameters of the business.
  • Perform proactive research to detect new attack vectors.
  • Perform reactive incident response when a security event occurs.
  • Identify risks and areas of exposure in applications, our development process and architecture.
  • Perform security reviews of source code, stored procedures, datastores, and server/service configurations.
  • Oversee development of security components throughout all stages of the SDLC.
  • Perform manual and automated security testing.
  • Monitor industry trends and threat landscape and recommend necessary controls or countermeasures.
  • Educate developers on secure coding techniques and security best practices.
  • Work with QA engineers to implement security testing.
  • Participate in development of security policies, standards, and processes.
  • Participate in incident handling and perform application-related forensics activities.