Principal Application Security and Test Engineer

Global Payments·Northern Ireland

Description

Our Company

Global Payments Integrated helps businesses succeed by delivering secure and personalized payment solutions, allowing developers of business management solutions to accept payments through their systems and add value to their software. While many processors offer payments tied to antiquated platforms designed to support stand-alone systems, the Global Payments Integrated platform provides custom, scalable, and fast payment solution integration – accommodating the swiftly-shifting ways consumers pay for goods and services. With this visionary payment processing platform, Global Payments Integrated helps business management software companies grow their business through our embedded commerce services, bolster customer loyalty with unique payments solutions, and improve profitability.

Your new role

We’re seeking an experienced, self-motivated, and dedicated Software Security and Quality Engineer to participate in all aspects of building and securing Global Payments Integrated’s products.

This is a hands-on role, requiring you to demonstrate acute technical abilities to perform application security engineering activities. Key to your success will be demonstrating a thorough understanding of industry regulations and compliance standards as you partner with our application developers to promote our secure software development processes.

You’ll be working within Global Payments Integrated’s engineering team to deliver application security services to the company and its customers. These services include evaluating threats, vulnerabilities, and risk while supporting real-time security-monitoring operations, security testing, and data-security requirements to protect systems and data.

Naturally, you’ll possess strong technical and analytical skills that you’ll rely on to work effectively with the company’s software architects and engineering teams to ensure security is built into our products from the ground up.

Moreover, you’ll be a self-starter who can operate well within a variety of different situations and types of projects, ranging from a team of one to a team of many.

What you’ll be doing

  • Working closely with product architects, software architects, and software engineers to ensure Global Payments Integrated’s products are developed using secure software development methodologies.
  • Collaborating and advising management, application development teams, project managers, and other infrastructure engineering groups on security best practices.
  • Identifying potential threats by performing threat modelling, static code analysis, and dynamic application security tests for payment terminals, mobile, web, and infrastructure.
  • Recommending enhancements to existing security test tools and practices, as well as for new security test tools and practices.
  • Working with multiple subject matter experts across a range of domains to ensure the company complies with PCI-DSS, PA-DSS, P2PE, and SOC2 standards and contributing to delivery of evidence as required by audits.
  • Developing and maintain software and information security testing documentation including test plans, best practices, guidelines etc.
  • Conducting software security risk assessments using industry approved methodologies and in-house best practices and tools
  • Following up on forensic investigations of incidents and document findings with test strategies to prevent reoccurrence
  • Managing the employee security testing program, helping to create and foster secure coding and testing as a built-in feature of software engineering
  • Maintaining an up to date knowledge of emerging security practices and standards.
  • A variety of other assignments.

What we need from you

  • Extensive experience in Information Security including software security, security engineering, security operations, risk and compliance.
  • BA/BSc degree in Computer Science, Information Security, or related discipline preferred.
  • Awareness of the Payment Card Industry (PCI) data security standards (PCI DSS), the payment application data security standards (PA DSS), the Point to Point encryption standard (P2PE), the Service Organisation Controls (SOC) as well as experience in the implementation of controls to mitigate compliance issues.
  • Experience working in a secure software development environment including the following; security assessments of application designs and architectures, implementing secure development practices and development of threat models.
  • Experience and in-depth working knowledge across multiple technical disciplines including one or more of the following: Firewalls (including App Firewalls), SIEM, Enterprise Anti-Malware solutions, DLP, Vulnerability Assessment tools, Technology Compliance tools, FIM.
  • Ability to understand forensic analysis of security incidents and produce effective measures to avoid / detect future occurrences.
  • Working knowledge of Windows and Linux Operating Systems.
  • Working knowledge of networking protocols, including FTP, HTTP, DNS, DHCP, RADIUS, SNMP, SSH, Syslog, and SMTP.
  • Working knowledge of software security tools, including, Burp suite, Nessus, etc.
  • Present ideas, expectations, and information in a concise, well organized way.
  • Excellent communication skills.
  • Ability to work independently towards goals.
  • Excellent work ethic and the ability to be a productive and reliable team member.

What we’d like you to have (but don’t need right away)

  • Extensive experience in secure software development practices and threat modelling.
  • Detailed knowledge and understanding of the Payment Card Industry (PCI) data security standards (PCI DSS) and the payment application data security standards (PA DSS), the Point to Point encryption standard (P2PE) as well as experience in the implementation of controls to mitigate compliance issues.
  • Knowledge and exposure to one or more of the following: Databases, Scripting experience (PowerShell, Python, Windows), Web application firewalls IDS/IPS, Malware detection and analysis.
  • Experience of cryptography and working with Hardware Security Modules.
  • Experience on bug-bounty programs.
  • Experience of securing products deployed in cloud based environments.
  • Knowledge of the security challenges faced by distributed microservice architectures.
  • Security and / or Networking certifications.

What’s in it for you

  • Attractive Salary
  • Flexible working with the option to work from home
  • Free car parking at the office
  • 35 days holiday + option to buy extra days per year
  • Private Medical Insurance
  • Health Cash Plan
  • Income protection
  • Life Insurance
  • Group Personal Pension Plan (matched up to 5%)
  • Cycle To Work Scheme
  • Office lunches
  • Summer/Christmas Parties + social events throughout the year.

Equality of Opportunity
Global Payments is committed to diversity and equal opportunities for everyone. We are committed to ensuring that all job applicants and team members are treated equally, without discrimination because of gender, sexual orientation, marital or civil partner status, gender reassignment, race, colour, nationality, ethnic or national origin, religion or belief, political opinion, disability, age or any other characteristic prohibited by law.

How to Apply

Apply Now