Application Security Engineer

We’re looking for talented professionals, anywhere in the United States, to join us in bringing smart money management and payment solutions to everyone’s fingertips.

At Green Dot, we are evolving to a new and permanent “Work from Anywhere” model designed to maximize the benefits of remote work, promote and enable a strong culture of performance and connectedness, and attract the best and brightest talent who align with our entrepreneurial spirit and mission.

<<>><<>><<>><<>><<>><<>><<>><<>><<>><<>> 

JOB DESCRIPTION

We are seeking an experienced Application Security Engineer with a strong understanding of application architecture and well versed in understanding code and configurations. The ideal candidate will conduct security reviews of applications, code along with manual security assessments, vulnerability identification, and suggest mitigation strategies. This role will collaborate with development teams and DevSecOps to enhance security practices throughout the software development lifecycle (SDLC).

Key Responsibilities

• Integrate security practices into the software development pipeline
• Manage Application Security Assurance (SAST/DAST/SCA) program and review results to ensure security practices are being followed
• Review code and propose architecture designs for security concerns
• Serves as a Subject Matter Expert (SME) in application security for enterprise projects during development phases to provide Information Security consulting and recommendations, ensuring the implementation of approved security requirements.
• Perform Security review for g, design reviews and penetration testing of internal web applications and external partner applications to identify vulnerabilities and security defects.
• Perform security testing of web applications/Web Services (SOAP/REST) and mobile applications(iOS/Android)
• Familiar with Network/Infrastructure PenTest practices.
• Support the implementation and enforcement of secure design principles according to policies, standards, and patterns of Information Security.
• Work with security product vendors and service providers to evaluate security offerings, including product evaluations, proof of concept and pilot installations

Qualifications

• Bachelor's degree in Computer Science, Software Engineering or related field or equivalent combination of education and experience
• 4-6 years of experience in performing penetration testing, secure code review, static, dynamic and manual source code review.
• Experience with security testing tools for SAST, DAST, IAST and Pen Testing (BurpSuite).
• Experience in performing manual application PenTest for Web/Thick Client/Mobile and Web Services.
• Experience with attacks and mitigation methods, Bug Bounty Programs and Threat Modeling.
• Strong with tools like BurpSuite, Mobile SDKs, SOAPUI, Debugger….
• Strong understanding of common software and web application security vulnerabilities, including OWASP Top 10 and SANS/CWE Top 25
• Understanding of Single Sign On (SSO) frameworks, mechanisms such as OAuth and SAML
• Familiar with Python or other scripting language
• Passionate and excited about security topics and engineering.
• Excellent communication skills, both written and verbal
• Desire and ability to ramp up quickly on new technologies and a demonstrated ability to deal with complex technical situations.
• Certification such as CISSP, OSCP, GPEN, CPT is a plus

POSITION TYPE

Regular

PAY RANGE

The targeted base salary for this position is $104,900 to $157,300 per year. The final compensation will be determined by a number of factors such as qualifications, expertise, and the candidate’s geographical location.

<<>><<>><<>><<>><<>><<>><<>><<>><<>><<>>

Green Dot promotes diversity and provides equal opportunity for all applicants and employees. We are dedicated to building a company that represents a variety of backgrounds, perspectives, and skills. We believe that the more inclusive we are, the better our work (and work environment) will be for everyone. Additionally, Green Dot provides reasonable accommodations for candidates on request and respects applicants' privacy rights.

Work Authorization Requirement
At Green Dot Corporation, we value diversity and strive for fair and inclusive hiring practices. However, we are currently unable to offer visa sponsorship. All applicants must be legally authorized to work in the United States at the time of application and throughout the duration of employment, without the need for current or future sponsorship.