Senior Application Security Analyst

BBPOS is one of the world leaders in payment devices and the inventors of mPOS technology. BBPOS products are used by large retailers and leading online platforms across multiple industries.  BBPOS is engaged in the business of manufacturing and supplying mobile and smart point-of-sale hardware, and the underlying software and infrastructure to deploy, manage, and monitor those devices.  BBPOS is now part of Stripe’s Terminal business since the acquisition in March 2022.  

Post acquisition, the BBPOS team is now an extension of the Stripe Terminal team.  Stripe Terminal helps Stripe users extend their online presence into the physical world. The Terminal team’s mission is to make it as easy for businesses to accept in-person payments as the Stripe API has done for online payments. With Terminal, businesses can unlock in-person payments use cases that are right for their business model—whether it’s creating a flagship retail experience, extending their website to a pop-up store, or enabling a mobile point-of-sale at their next event. 

Stripe is a financial infrastructure platform for businesses. Millions of companies—from the world’s largest enterprises to the most ambitious startups—use Stripe to accept payments, grow their revenue, and accelerate new business opportunities.

Responsibilities:

• Conduct vulnerability assessments, threat modeling, and penetration testing of web applications to identify security vulnerabilities and weaknesses.
• Perform code reviews and analyze application designs to identify and mitigate security risks.
• Develop and implement secure coding standards and practices for application development.
• Collaborate with the software team to integrate security into the software development life cycle (SDLC) and assist in setting up the security pipeline for integration.
• Provide guidance and recommendations to the software team on how to remediate identified security vulnerabilities and weaknesses.
• Participate in all security-related initiatives such as bug bounty programs, hacker challenges, and penetration tests, and assist in defining the scope and testing approach for all assessments or programs.
• Engage in incident response activities, triage, investigate, and respond to security incidents.
• Stay up-to-date with the latest security threats, vulnerabilities, and technologies.
• Report to the Cyber Security Manager.

Requirements:

• Bachelor's degree in computer science, information security, or a related field.
• 2+ years of experience in an application security role.
• Strong knowledge of web application security concepts and techniques.
• Experience with vulnerability assessment and penetration testing tools, such as Burp Suite, Nmap, and Metasploit, will be an advantage.
• Experience with programming languages, such as Java, Python, and .NET.
• Familiarity with web application development frameworks, such as Spring and React.
• Knowledge of security standards and frameworks, such as OWASP, NIST, and ISO.
• Understanding of cloud service providers and their offerings, preferably AWS, and its technologies and services will be an advantage.
• Strong analytical and problem-solving skills.
• Excellent written and verbal communication skills.
• Candidates with less experience will be considered for the role of Application Security Analyst.