Application Security Analyst
Job Details
Shift4 - Hillshire - Las Vegas, NV
Full Time
4 Year Degree
Up to 25%

Company Background:

Shift4 Payments (NYSE: FOUR) is a leading provider of integrated payment processing and technology solutions, delivering a complete omnichannel ecosystem that extends beyond payments to include a wide range of value-added services. The company’s technologies help power over 350 software providers in numerous industries, including hospitality, retail, F&B, e-commerce, lodging, gaming, and many more. With over 7,000 sales partners, the company securely processed more than 3.5 billion transactions annually for over 200,000 businesses in 2019. For more information, visit


Job Summary:

We are searching for a detail-oriented Application Security Analyst to join our Security Team.  The ideal candidate will have an established work history in the field of information security with a focus on web application security methods.



  • Work with developers to refine security checkpoints in the SDLC that are based on the PCI Data Security Standard and other industry-accepted doctrine such as NIST SP 800-115 and/or ISO security standards.
  • Develop secure coding standards that are based on industry-accepted best practices such as OWASP Guide, SANS CWE Top 25, or CERT Secure Coding to address common coding vulnerabilities.
  • Understand how to identify, exploit and remediate common application vulnerabilities through use of tools and code reviews.
  • Work with information security analysts to refine web application penetration testing methods and breadth of security services.
  • Perform penetration tests on web and mobile applications.
  • Obtain and review all required artifacts as part of go, no go analyses at security checkpoint phases in the development cycle.
  • Create automation tools with programming languages.
  • Assist with periodic security risk assessments, IT security audits, and management reporting.
  • Review and coordinate changes to information security policies, procedures, standards, and audit work programs in a continuous improvement model.
  • Act as cryptographic key manager
  • Able to manage Application Security/ Threat Assessment with/without tools and Recommendation.



  • Higher education in information security or computer science is desired, but can be substituted with a broader background in information security disciplines.
  • Related certifications from the PCI, ISC2, ISACA, or GIAC organizations are a plus.
  • Passion for application security
  • Established work history as an information security practitioner.
  • Demonstrated proficiency in software development, experience in at least one major programming language and one major scripting language.
  • Familiarity with relational and distributed databases.
  • Work experience with the PCI Data Security Standard and ITGC with a focus on web application security methods.
  • Security risk assessment and systems security audit work experience.
  • Knowledge of cryptographic keys.
  • Experience working with dynamic and static security tools.
  • Strong knowledge of web application vulnerabilities, exploits and remediation techniques.
  • Excellent verbal and written communication skills.
  • Ability to lift and move items weighing up to 50lbs without assistance.
  • Self-starter with the ability to perform tasks as an individual contributor or as a project lead.

Shift4 Payments provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics.