[Hiring] Information Security Engineer III @InComm Payments

Role Description

As an Information Security Engineer III, you will work on securing applications across InComm Payments by integrating security tools into CI/CD pipelines, conducting threat modeling, and supporting incident response. The role involves:

• Integrating SAST tooling into CI/CD pipelines, ensuring compatibility and efficient scanning within development workflows.
• Providing tailored SAST integration support for development teams at varying maturity levels with diverse toolsets and security requirements.
• Analyzing application logs for anomalous patterns, communicating findings to leadership, and persuading them to take appropriate action.
• Participating in on-call rotation in support of WAF incidents.
• Validating security vulnerabilities identified by automated tools and fine-tuning configurations to minimize false positives and reduce noise.
• Developing threat models with development teams to help expose risks in their deliverables.
• Conducting regular assessments of security configurations and controls within Azure, AWS, and OCI environments.
• Assisting in investigating security incidents with CSOC and implementing corrective actions.
• Participating in application design and architectural reviews.
• Facilitating activities such as blue/red team events and bug bounty programs.
• Leading prioritization discussions to gain traction on important security issues.
• Acting as a liaison with 3rd parties performing vulnerability scans and penetration testing to validate findings and inform priorities and strategies for remediation.
• Drafting, evaluating, and monitoring compliance with application and development security standards.
• Ensuring development teams are validating for OWASP Top 10 and performing industry-leading application security practices.

Qualifications

• 5+ years of application security experience.
• Strong background with CI/CD processes and associated tooling, such as Jenkins, GitHub Actions, Azure Pipelines, or similar.
• Strong scripting experience – PowerShell, Python, etc.
• Extensive experience with SAST & DAST application scanning tools and knowledge of OWASP methodologies.
• Application security experience with high-level programming languages (e.g., Java, C, C++, C#, VB, .NET, ASP.NET, ASP, PHP, J2EE, JSP).
• Experience with Container technologies – Docker, Docker Swarm, Kubernetes.
• Experience in cloud security, specifically with Azure, AWS, and OCI, preferably in the Fintech or related sectors and multi-cloud environments.
• Knowledge of Web Application Firewalls (WAF).
• Experience with Identity and Access Management security solutions and protocols (e.g., SAML, OpenID, and OAuth).
• Experience with performing web, API, and mobile manual penetration testing; preparing reports to document findings; and presenting the report to development teams.
• Familiarity with regulatory controls and industry best practices such as HIPAA, PCI, HiTrust, NIST etc.
• Communication skills to create documentation, videos, and conduct training classes.
• Ability to manage multiple tasks simultaneously and meet established deadlines.
• Ability to collaborate with IT teams on security-related tasks and projects.
• Ability to work productively while remote and communicate effectively in a virtual team environment.
• Ability to stay current with new technology.

Company Description

InComm Payments is a pioneer in the payment (FinTech) industry, founded over 30 years ago. We have grown to a team of over 3,000 employees in 35 countries, owning over 400 global technical patents and a network that includes over 525,000 points of retail distribution.

We work with the most recognized and valued brands in the world and are highly focused on our people and their growth, valuing innovation, quality, passion, integrity, and responsibility.