Application Security Analyst - Remote

Bottomline Technologies

Salt Lake City, Utah

United States

Information Technology

Bottomline is at the forefront of digital transformation. We are a growing global market leader uniquely equipped to address the changing needs of how businesses pay and get paid. Our culture of working with and for each other enables us to delight our customers. We empower our teams to think like owners driving customer delight, helping them grow their business and win in their markets.

Bottomline Technologies is seeking an Application Security Analyst to join its global security team. This position shall be dedicated to collaborating with the Bottomline product owners and development teams to ensure that software security controls and testing are integrated throughout the software development lifecycle. The Application Security Analyst works closely with team members to define software security best practices, performs software security tests, and supports the identification, interpretation, and remediation of security vulnerabilities across a variety of platforms.

This position can be based out of a remote location within the US; East Coast preferred.

How You’ll Contribute

  • Accountable for the day-to-day operations of the Software Security program
  • Collaborate with product development and solution delivery teams to provide expertise and support for information security matters
  • Contribute to security planning, assessment, risk analysis, certification, and awareness activities with product teams and developers
  • Continuously assess, measure, and monitor information security risk by performing software vulnerability assessments and penetration tests
  • Identify weak or missing security controls and security vulnerabilities
  • Actively manage and drive security vulnerability remediation efforts across the organization
  • Research and evaluate current or emerging security technologies to support cybersecurity initiatives
  • Maintain compliance with security policies, standards, and procedures
  • Responsible for identifying and collecting relevant information security metrics
  • Measure performance indicators of program activities and effectively communicate status to stakeholders
  • Review existing policies and procedures and work with management to keep them updated
  • Stay abreast of emerging threats and vulnerabilities, and be active in the security community
  • Establish and maintain strong relationships with product teams and developers

What Will Make You Successful

  • 0-2 years of experience in Software Security, Software Development, Security Operations or equivalent
  • Relevant security testing certifications: CEH, OSCP, GPEN, GWAPT, GXPN or GMOB
  • Web application vulnerability identification, including extensive OWASP knowledge, such as cross-site scripting (XSS), session hijacking, injection, CSRF, and other attack vectors
  • Penetration testing techniques to find remote code execution, buffer overflow, privilege escalation, database injection, exploiting payloads, path injection, etc.
  • Strong knowledge and experience with static and dynamic code security assessment tools
  • Knowledge of Secure Software Development Lifecycle frameworks and processes
  • Java & JavaScript development
  • Strong understanding of cryptography and commonly used protocols
  • Ability to support off-hours, weekends, and holidays if needed in support of critical projects
  • Bachelor’s degree in Computer Science or technology-related field, or equivalent work experience

Preferred Skills

  • Application security testing such as Veracode, HCL AppScan and Qualys
  • Experience working with continuous integration and continuous delivery (CI/CD) pipeline automation
  • Administration and hardening of Linux and Windows systems
  • Working knowledge of Docker, Kubernetes, Puppet, and Terraform
  • Strong understanding of industry standards and frameworks (NIST, ISO, CIS, OWASP, PCI DSS)
  • Good understanding of FFIEC, GDPR, GLBA, and HIPAA regulations
  • Experience working with AWS and Azure solutions
  • Experience working in a financial technology, banking or financial services environment

You’ll love Bottomline because in everything we do we seek to delight our customers and we are passionate about building a company of which we can all be proud, and this starts with building amazing teams filled with team members that challenge you every day.

#LifeatBottomline
