Verifi, Inc., a Visa company, is currently hiring for a dynamic and collaborative Information Security Application Engineer!

This role will assist in the management of Verifi’s information security controls and work closely with Verifi’s Technology team including other functional areas, to ensure that compliance with Verifi’s Information Security Policies is maintained, while acting as a champion in promoting a culture of general data security.

At Verifi, you will be part of a dynamic environment that supports interdepartmental collaboration, fuels creativity and provides you with an opportunity to take ownership and play an intricate part in our company’s success.

You will work alongside the brightest and most remarkable individuals in the industry and you will have an immediate impact on our aspirations for global domination and disruption of the payments space. And you will do all this, while challenging your career, giving back to the community and creating new friendships.

Join Verifi and you join the leading solution in the ecommerce marketplace for payment and risk management.

Your responsibilities will include driving compliance, tech, product, and corporate projects by:

• Working in our Information Security department and enforcing our PCI DSS requirements
• Integrating secure coding practices in current CI/CD environments, performing secure code review, and assisting developers to mitigate business critical vulnerabilities and attack vectors in web applications
• Examining current development practices for insecure coding, insecure configuration, process improvements, and lack of integration coupled with being the driver of projects to address the risk or to simply continuously improve
• Enforcing a scalable implementation plan of Secure SDLC controls (e.g., SAST, DAST) that includes onboarding, remediation guidance, issue tracking and metrics
• Performing application/WAF log reviews and assessing for potential issues, along with initiating actions as appropriate
• Actively participating in aspects of incident response process, including first response, as needed
• Receiving and reviewing alert notifications, filtering and prioritizing as needed, then responding and coordinating with stakeholders and developers as needed
• Conducting proactive research in application security weaknesses and recommending appropriate strategies
• Representing Information Security during scheduled stand-ups, planning sessions, and general DevOps engagements
• Performing ad-hoc information security requests or additional duties as assigned as a member of the SOC
• Will be required to be available for after-hours and weekend on-call if needed; periodic travel may be required

You bring to the table your:

• 5+ years of experience in IT security, PCI DSS environment, internal controls and/or risk management
• Strong familiarity with SDLC methodologies such as Waterfall, Agile, CI/CD and DevSecOps
• Solid understanding of OWASP Top 10, Mitre attack framework, and principles of Secure Coding including integrating secure coding practices in current CI/CD environments, performing secure code review, assisting developers to mitigate business critical vulnerabilities and attacking vectors in web applications
• Proven ability to examine current development practices for insecure coding, insecure configuration, process improvements, lack of integration and be the driver of projects to address the risk or to simply continuously improve
• Experience enforcing a scalable implementation plan of Secure SDLC controls (e.g., SAST, DAST) that includes onboarding, remediation guidance, issue tracking and metrics
• Solid track record of performing application/WAF log reviews and assessing for potential issues and initiate actions as appropriate
• Experience actively participating in aspects of incident response process, including first response, as needed
• Proven ability in receiving and reviewing alert notifications, filtering and prioritizing as needed, then responding and coordinating with stakeholders and developers as needed
• Solid track record of conducting proactive research in application security weaknesses and recommending appropriate strategies
• Track record of representing Information Security during scheduled stand-ups, planning sessions, and general DevOps engagements
• Practical experience with Application Vulnerability scanning, Burp Suite, and security-based Linux Distros
• Working understanding of cryptography, firewalls, IDS, IPS, DLP, VPN, CASB, SSO, identity management, and network monitoring systems
• Experience working in 24/7 operational environments
• Exceptional interpersonal, written, and oral communication skills

Additional experience preferred, but not required:

• Understanding of financial and payment card processing industries

*Please note, the position is Temp, located in our Los Angeles office and offers:

• Dynamic, stimulating and open environment
• Paid parking and complimentary food
• Socially conscious and community-oriented company
• Energized employment filled with activities and events

#DI