The Principal Application Security Engineer is a key member of the Information Security team at Green Dot Corporation. The Engineer will primarily be responsible for leading the development, implementation and maintenance of the Application Security program across all IT development groups. This is a hands-on position that works very closely with development teams, product owners, and other groups in IT. It requires someone who has had a great deal of application development and coding experience combined with a very deep understanding of Information Security and Secure Coding principles. The individual must also be passionate about applying that understanding to help, mentor and train the people around him or her.
* Enhance the Application Security program through a very close collaboration with all Green Dot development teams.
* Review application security controls and designs prior to live implementations of new features or products.
* Lead application development teams through threat modeling exercises.
* Identify application security risks and requirements for new projects and system developments.
* Develop security test plans and integrate into the software development lifecycle.
* Oversee security testing and ensure vulnerabilities are appropriately managed.
* Monitor and proactively report on current threats and vulnerabilities to application security.
* Conduct ad hoc penetration testing.
* Work with 3rd party suppliers to promote secure design and security testing.
* Prepare and monitor operational security metrics and trends.
* Lead the assessment and acquisition of application security tools and technologies.
* Evaluate new security technology and trends, and then make recommendations to strengthen our information security environment.
* Evangelize secure code development practices internally.
* Participate as a subject matter expert in the Green Dot incident response program.
* Mentor junior members of the Application Security team.
* 5 years in a development role and 7-10 years in application security.
* In depth knowledge of application security vulnerabilities, testing techniques, and the OWASP framework.
* Understanding of Agile Scrum development methodologies.
* Strong understanding of cryptographic algorithms and protocols.
* In depth understanding of secure web application development, .NET, C#, web services and SOAP.
* In depth knowledge of SQL database architectures and database query languages.
* In depth knowledge of regulations and security compliance requirements such as PCI DSS, GLBA, and SOX.
* Good communication in English, both oral and written (presentations, technical reports and proposals).
* Strong analytical, evaluative, and problem-solving abilities.
* Membership and active participation in security organizations, such as OWASP, ISSA, and SANS is preferred.
* Security qualifications, CISSP and/or CCSP certification preferred.
* Familiarity with cryptographic principles and common encryption schemes such as symmetric/asymmetric encryption, hashing, SSL/TLS, IPSec, PGP, S/MIME, SSH, PKI.
About Green Dot
Green Dot is a company providing prepaid debit cards and cash reload processing services.