Senior Application Security Analyst

<div class="content-intro"><h2><strong>Who we are</strong></h2> <h3><strong>About BBPOS</strong></h3> <p><span style="font-weight: 400;">BBPOS is one of the world leaders in payment devices and the inventors of mPOS technology. BBPOS products are used by large retailers and leading online platforms across multiple industries.&nbsp; BBPOS is engaged in the business of manufacturing and supplying mobile and smart point-of-sale hardware, and the underlying software and infrastructure to deploy, manage, and monitor those devices.&nbsp; BBPOS is now part of Stripe’s Terminal business since the acquisition in March 2022.&nbsp;&nbsp;</span></p> <h3><strong>About the team</strong></h3> <p><span style="font-weight: 400;">Post acquisition, the BBPOS team is now an extension of the Stripe Terminal team.&nbsp; Stripe Terminal helps Stripe users extend their online presence into the physical world. The Terminal team’s mission is to make it as easy for businesses to accept in-person payments as the Stripe API has done for online payments. With Terminal, businesses can unlock in-person payments use cases that are right for their business model—whether it’s creating a flagship retail experience, extending their website to a pop-up store, or enabling a mobile point-of-sale at their next event.&nbsp;</span></p> <p><span style="font-weight: 400;">Stripe is a financial infrastructure platform for businesses. Millions of companies—from the world’s largest enterprises to the most ambitious startups—use Stripe to accept payments, grow their revenue, and accelerate new business opportunities.</span></p></div><p>Responsibilities:</p> <ul> <li>Conduct vulnerability assessments, threat modeling, and penetration testing of web applications to identify security vulnerabilities and weaknesses.</li> <li>Perform code reviews and analyze application designs to identify and mitigate security risks.</li> <li>Develop and implement secure coding standards and practices for application development.</li> <li>Collaborate with the software team to integrate security into the software development life cycle (SDLC) and assist in setting up the security pipeline for integration.</li> <li>Provide guidance and recommendations to the software team on how to remediate identified security vulnerabilities and weaknesses.</li> <li>Participate in all security-related initiatives such as bug bounty programs, hacker challenges, and penetration tests, and assist in defining the scope and testing approach for all assessments or programs.</li> <li>Engage in incident response activities, triage, investigate, and respond to security incidents.</li> <li>Stay up-to-date with the latest security threats, vulnerabilities, and technologies.</li> <li>Report to the Cyber Security Manager.</li> </ul> <p>&nbsp;</p> <p>Requirements:</p> <ul> <li>Bachelor's degree in computer science, information security, or a related field.</li> <li>2+ years of experience in an application security role.</li> <li>Strong knowledge of web application security concepts and techniques.</li> <li>Experience with vulnerability assessment and penetration testing tools, such as Burp Suite, Nmap, and Metasploit, will be an advantage.</li> <li>Experience with programming languages, such as Java, Python, and .NET.</li> <li>Familiarity with web application development frameworks, such as Spring and React.</li> <li>Knowledge of security standards and frameworks, such as OWASP, NIST, and ISO.</li> <li>Understanding of cloud service providers and their offerings, preferably AWS, and its technologies and services will be an advantage.</li> <li>Strong analytical and problem-solving skills.</li> <li>Excellent written and verbal communication skills.</li> <li>Candidates with less experience will be considered for the role of Application Security Analyst.</li> </ul><div class="content-conclusion"><p>For more information of the BBPOS and our career opportunities, please visit our website www.bbpos.com</p> <p>We offer long-term career prospect and competitive remuneration package to the appointed candidate.</p> <p>Personal data collected will be used for recruitment purposes only. Applicants not contacted within 8 weeks of applying should consider their applications unsuccessful.</p></div>