Application Cybersecurity Engineer
- Mentor, OH
Let’s face it. Everyone prefers shopping in their pajamas at home over traveling to the mall. CardinalCommerce, a Visa company, works to make online shopping as safe and easy as possible. For over two decades, we’ve been bringing merchants, issuers, and shoppers together in an experience where everybody wins. With singular focus, proven technology, and dedicated service, we are continuously raising the bar for payment authentication around the world. We put authentication first because we believe digital commerce should be safe, rewarding and engaging for everyone involved in the process.
Join us on this journey. At Cardinal, we’re a group of genuine, dependable, and hardworking people who are treated right with flexible work schedules, a fun company culture and unbeatable benefits. See why we’re one of the leading FinTech companies in Northeast OH.
Cybersecurity is at the beating heart of our culture. Our diligence and expertise is what makes us the undisputed leader in electronic payments. We’ve made it our priority to create a top-tier Security Architecture team, poised to defend us against any potential cyber threats. We’re looking for those of you who are inherently driven and fascinated by the art and science of cyber defense. We’ll arm you with the very best tools and tech so that you can deliver top notch results.
The Application Cybersecurity Engineer will analyze software designs and implementations from a security perspective and identify and resolve security issues. Will be responsible for will including the appropriate security analysis, defenses and countermeasures at each phase of the software development lifecycle, to result in robust and reliable software. Manage cross-functional internal and external team collaboration, evangelization, and communications.
What you'll do:
● Help define consistent Secure Software Development Lifecycle practices for all technology projects throughout the planning and delivery cycles that assure that application security risks are mitigated
● Ensure end-to-end security of products by hands on testing, hypothesizing threats, helping development teams remediating risks upfront and championing secure implementation efforts
● Improve secure coding practices, application security requirements, automation, training, and metrics
● Integrate threat modeling practices into the Software Development Lifecycle
● Help build secure products and standards around emerging technologies and using existing standards and security practices
● Perform Security Architecture and Low-Level Application Security Design review involving: Data Protection, Authentication and Authorizations, Web Application Security and Network Security
● Collaborate with product development and solution teams proactively to manage software security risk aligned with business goals
● Collaborate with product and solution teams to achieve Cybersecurity software security program objectives
What we need you to have:
● Minimum of a Bachelor’s Degree in Computer Science, Information Technology, or other related field
o In lieu of a Bachelor’s degree, the candidate will have at least 4 years of hands-on work experience with appropriate industry certifications.
● 2+ years of work experience in the techniques, standards and state-of-the art capabilities for authentication and authorization, applied cryptography, security vulnerabilities and remediation.
● Deep understanding of OWASP Top 10 and CWE 25; with a proven track record in implementing and integrating remediation strategies.
● Extensive knowledge of web applications, web servers, layer 7 application technologies, frameworks and protocols with respect to application development and deployment.
● Deep knowledge and experience with DAST, SAST, and fuzzing tools and techniques.
● Able to negotiate and bring consensus to diverse priorities of product development and solution teams
● Experience with application design, penetration testing, application risk and risk categorization.
What we would love you to have:
● Well versed (experience preferred) with driving and implementing secure development practices into SDLC (SSDLC); ability to successfully integrate security into a developer’s world
● Success in implementing effective Secure SDLC frameworks across a large corporation.
● Ability to effectively present and communicate security threats and risks to ANY audience and impress upon them the mitigation techniques and strategies
● familiar with waterfall and agile development processes and have experience integrating secure development practices into both models.
● Highly effective communicator; well-honed influencing and negotiating skills
● CISSP, CEH, GCIH, and similar security certifications
● Solid problem solving and analytical skills; able to quickly digest any issue/problem encountered and recommend an appropriate solution.
This position will be performed in an office setting. The position will require the incumbent to sit and stand at a desk, communicate in person and by telephone, frequently operate standard office equipment, such as telephones and computers, and reach with hands and arms. Cardinal/Visa is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Cardinal/Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.
Visa will consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.
Back to top