Application Security Engineer

PayPal

Vancouver, BC, Canada

Full time

Oct 23

This job is no longer accepting applications.

As an Application Security Engineer on the HyperWallet Infosec Security team, you will be responsible for building security into all HyperWallet products end-to-end, and you will have the opportunity to participate in the company’s product security initiatives. You will be both hands-on technical and influential: you will be expected to communicate directly with cross-functional teams in Product Management, Development, and DevOps/SRE to drive security throughout the entire product. As a thought leader in application security, you will report into the HyperWallet Security team but will be deeply embedded in the Product Management and Engineering teams.


Your Responsibilities

  • Through close collaboration with product and engineering teams, ensure the adoption of SDLC and security best practices across the entire application lifecycle.
  • Define and implement security tooling in line with HyperWallet development processes with the goal of improving coverage and reducing time to action.
  • Improve security reporting, including coordinating vulnerability management, penetration testing, and infrastructure compliance.
  • You will be responsible for secure development methodologies and mechanisms for all HyperWallet products and services.
  • Inform choices through a security lens for the entire development lifecycle, including design, coding & development, QA & security testing, and release.
  • You will lead the definition of the SDLC and the software security maturity model.
  • You will drive effective integration and adoption of best practices and the latest methods & techniques for identifying design flaws and software issues.


Your Experience

  • 8+ years of hands-on experience in application security, pen test, OWASP, security benchmarks, and automation
  • Security tooling and best practices, such as pre-commit/pre-receive hooks, dependency scanning, SAST, IAST, OSS, DAST, RASP, and vulnerability management
  • Demonstrated knowledge of security best practices, principles, and common security frameworks, such as NIST, ISO, Common Criteria, TCSEC, and OWASP
  • In-depth knowledge of common application & network protocols, cryptographic technologies, public key infrastructure, and common security threats, including attack techniques, evasive techniques, and preventative & defensive methods
  • Strong understanding of methodologies and tools for threat analysis of complex systems, such as threat modeling and software fuzzing
  • Prior experience in implementing and integrating tools for static analysis, dynamic analysis, fuzzing, and penetration testing
  • Benchmarking and fine-tuning of security tools
  • Experience in software security testing, methodologies, and frameworks
  • Microservice architecture expertise and best practices in securing APIs across multi-cloud environments
  • Hands-on experience in container-based deployments and orchestration tools (e.g. Kubernetes, Docker, EKS, GKE, Terraform)
  • Effective written and oral communication with multiple levels of leadership involving both the business and technical sides of the business


Education

  • Bachelor’s degree from a four-year college or university; or equivalent training, education, and experience in information / cyber security, computer systems, IT, etc.

