Shift4 Payments (NYSE: FOUR) is a leading provider of integrated payment processing and technology solutions, delivering a complete omnichannel ecosystem that extends beyond payments to include a wide range of value-added services. The company’s technologies help power over 350 software providers in numerous industries, including hospitality, retail, F&B, e-commerce, lodging, gaming, and many more. With over 7,000 sales partners, the company securely processed more than 3.5 billion transactions annually for over 200,000 businesses in 2019. For more information, visit shift4.com.
We are searching for a detail-oriented Application Security Analyst to join our Security Team. The ideal candidate will have an established work history in the field of information security with a focus on web application security methods.
- Work with developers to refine security checkpoints in the SDLC that are based on the PCI Data Security Standard and other industry-accepted doctrine such as NIST SP 800-115 and/or ISO security standards.
- Develop secure coding standards that are based on industry-accepted best practices such as OWASP Guide, SANS CWE Top 25, or CERT Secure Coding to address common coding vulnerabilities.
- Understand how to identify, exploit and remediate common application vulnerabilities through use of tools and code reviews.
- Work with information security analysts to refine web application penetration testing methods and breadth of security services.
- Perform penetration tests on web and mobile applications.
- Obtain and review all required artifacts as part of go/no-go analyses at security checkpoint phases in the development cycle.
- Create automation tools with programming languages.
- Assist with periodic security risk assessments, IT security audits, and management reporting.
- Review and coordinate changes to information security policies, procedures, standards, and audit work programs in a continuous improvement model.
- Act as cryptographic key manager.
- Able to manage application security and threat assessments, with or without tools, and provide recommendations.
- Higher education in information security or computer science is desired, but can be substituted with a broader background in information security disciplines.
- Related certifications from the PCI, ISC2, ISACA, or GIAC organizations are a plus.
- Passion for application security.
- Established work history as an information security practitioner.
- Demonstrated proficiency in software development, experience in at least one major programming language and one major scripting language.
- Familiarity with relational and distributed databases.
- Work experience with the PCI Data Security Standard and ITGC with a focus on web application security methods.
- Security risk assessment and systems security audit work experience.
- Knowledge of cryptographic keys.
- Experience working with dynamic and static security tools.
- Strong knowledge of web application vulnerabilities, exploits and remediation techniques.
- Excellent verbal and written communication skills.
- Ability to lift and move items weighing up to 50 lbs without assistance.
- Self-starter with the ability to perform tasks as an individual contributor or as a project lead.
Shift4 Payments provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics.