About This Opportunity
On-Line Strategies handles the growing complexity of payment processing for retailers so they can focus on what they do best – serving their customers. Our comprehensive switch platform seamlessly handles various forms of payment, from credit and debit to gift cards and loyalty rewards, empowering our partners to spend their time and creativity on growing their business and developing new products. By leveraging our expertise and experience, you can stay on the cutting edge of payment operations and stand apart from your competition.
On-Line Strategies is looking to expand its team with a Software Development Application Security Specialist. This position will be responsible for assisting and performing technical activities related to the security of the development, implementation and mentoring of our applications, throughout our Software Development Lifecycle.
- Performs software security source code reviews.
- Participates in software testing including fuzzing, input and output validation.
- Guides and trains developers on application security issues.
- Performs and maintains Threat Modeling exercises for our applications.
- Maintains all OLS Web Application Firewalls including testing, creation, tuning of policies, certificate management and ciphers. Updates rulesets on all WAFs as needed throughout test, QA, and production lifecycles.
- Participates in vBSIMM assessments and provides recommendations for process improvements.
- Reviews static and dynamic scan results of developed application software and provides guidance to developers on flaw remediation.
- Performs application layer penetration testing and internal application security assessments.
- Assists with IT Security operations including Web Application Firewall log reviews, system monitoring, change control processes and documentation review.
- Offers technical information security support to staff responsible for development of OLS software including SSL negotiations, using secure cipher suites, and protocols.
- Assists with PCI, HIPAA, SOC2 and other annual assessments and audits including evidence collection.
- Other duties as assigned.
- 5 years of Security Software Development experience.
- Knowledge of secure Java coding concepts.
- In-depth knowledge of HTTP protocol, payloads and Web Application Firewalls e.g. F5 ASM WAF.
- Working knowledge of OWASP Top 10 concepts within a development environment.
- Experience with static and dynamic code scanning software such as Veracode.
- Experience with BurpSuite, ZedProxy or equivalent toolsets.
- Microsoft Office tools, including Word, Excel, PowerPoint.
- IT Security and/or development experience in a PCI-DSS environment is beneficial.
- Experience with the Payments industry is beneficial but not required.
- Professional IT Security designation, such as CISSP, Security+, SANS GWAPT, GWEB or GSSP-JAVA is beneficial.
- Bachelor's degree in Computer Science ideal.