
Application Security Analyst

Who Are We?

Bottomline is aligned to lead the business payments industry by removing complexity, and uniquely transforming the way businesses pay and get paid.

A journey that goes around the world serving financial institutions and companies in more than 90 countries, the Portsmouth office is the central strategic hub as well as one of the go-to market Centers of Excellence (COE) around the world, conveniently positioned to enable a fulfilling and flexible, hybrid work-life balance. A place to collaborate and knowledge share in multidisciplinary teams, as well as provide the perfect space to meet virtually with our colleagues across time zones.

Culture and Values

We are one global team, the cause for customer delight, who are strongly committed to maintaining our culture, and ensuring our values and principles are lived out daily.

When we work with and for each other we execute excellence both personally and professionally by creating an environment where our people are encouraged to be brave and curious.

We excel at Bottomline because we are positive and passionate about building a #LifeAtBottomline

Role

We are looking for an Application Security Analyst to innovate, win and grow with us!

This person can work remotely from their preferred location in the United States.

This position shall be dedicated to collaborating with the Bottomline product owners and development teams to ensure that software security controls and testing are integrated throughout the software development lifecycle. The Application Security Analyst works closely with team members to define software security best practices, performs software security tests, and supports the identification, interpretation, and remediation of security vulnerabilities across a variety of platforms.

How you’ll contribute:

You will

  • Be accountable for the day-to-day operations of the Software Security program.
  • Collaborate with product development and solution delivery teams to provide expertise and support for information security matters.
  • Contribute to security planning, assessment, risk analysis, certification, and awareness activities with product teams and developers.
  • Continuously assess, measure, and monitor information security risk by performing software vulnerability assessments and penetration tests.
  • Identify weak or missing security controls and security vulnerabilities.
  • Actively manage and drive security vulnerability remediation efforts across the organization.
  • Research and evaluate current or emerging security technologies to support cybersecurity initiatives.
  • Maintain compliance with security policies, standards, and procedures.
  • Identify and collect relevant information security metrics.
  • Measure performance indicators of program activities and effectively communicate status to stakeholders.
  • Review existing policies and procedures and work with management to keep them updated.
  • Stay abreast of emerging threats and vulnerabilities, and be active in the security community.
  • Establish and maintain strong relationships with product teams and developers.

What will make you successful:

Must have: 

  • BA or BS degree in Computer Science, IT/MIS, Information Assurance, or equivalent work experience required.
  • 3+ years of experience working in an Information Security role.
  • At least 2 of the following relevant security testing certifications: CEH, OSCP, GPEN, GWAPT, GXPN, or GMOB.
  • GSEC certification (GIAC Security Essentials Certification).
  • At least 3 years of experience in web application vulnerability identification, including extensive OWASP knowledge, such as cross-site scripting (XSS), session hijacking, injection, CSRF, and other attack vectors.
  • Application security testing experience with tools such as Veracode and Qualys (medium level requirement).

Nice to have (Preferred): 

  • Penetration testing techniques to find remote code execution, buffer overflow, privilege escalation, database injection, exploiting payloads, path injection, etc.
  • Strong knowledge and experience with static and dynamic code security assessment tools.
  • Java & JavaScript development.
  • Strong understanding of cryptography and commonly used protocols.
  • Experience working with continuous integration and continuous delivery (CI/CD) pipeline automation.
  • Administration and hardening of Linux and Windows systems.
  • Working knowledge of Docker, Kubernetes, Puppet, and Terraform.
  • Strong understanding of industry standards and frameworks (NIST, ISO, CIS, OWASP, PCI DSS).
  • Good understanding of FFIEC, GDPR, GLBA, and HIPAA regulations.
  • Experience working with AWS and Azure solutions.
  • Experience working in a financial technology, banking, or financial services environment.

About You?

We welcome talent at all phases of their career through understanding and supporting additional needs (where applicable) as we look to innovate, win, and grow together.

Bottomline is proud to be an equal opportunity employer. We are committed to treating all individuals in a fair and equal manner by creating an inclusive and open environment.
