Narvar is growing! The security assurance team is a part of the central information security function which is primarily responsible for securing applications that run the Narvar business, payment stack products. Security assurance team helps to secure platforms, applications (sdk, web, mobile) and the cloud-based infrastructure on which Narvar services are built to handle end to end platforms for payments. We need passionate ethical hackers who derive purpose in life by revealing potential weaknesses and then crafting creative solutions to eliminate those weaknesses.
The pace of our growth is incredible – if you want to tackle hard and interesting problems at scale, and create an impact within an entrepreneurial environment, join us!
As a senior - product security analyst in Narvar, you will collaborate with other security and engineering teams on identifying vulnerabilities in our applications, & platform while improving visibility and implementing application security best practices throughout secure SDLC and would also be responsible for working with developers to remediate the findings, provide fix recommendations, train the developers to implement secure coding practices, Code and Automate deployment of various tools in CI/CD.
Day-to-day
- Drive various security initiatives in not only application/product security but also in other security domains such as infosec, network, risk and compliance standards.
- Collaboratively work with application engineering / architect / development / product teams and guide them to follow the Security gates set as per Narvar application security process
- Evaluate application security processes as it relates to application, risk management, threat modeling, security testing, compliance, penetration testing, and security tooling and provide process governance as well as though leadership concerning adjusting to future needs
- Liaison with engineering, architect and tech teams to address the internal & external requests related to AppSec
- Coordinate security training for the Narvar development staff to ensure AppSec policy management to ensure control standards and policies are up to date and consistently followed
- Coordinate leadership team and manage weekly / weekly & monthly meetings
- Manage and update Key Performance Indicators (KPI’s) for the application security assurance program and for team
- Implement and support integrations with Application Security tools including SAST, DAST, and OS vulnerability scanning
- Work with multiple product development teams to identify and implement product security improvements
- Integrate automated Application Security scanning into the Build CI/CD pipeline.
- Work as part of the AppSec team using Agile methodologies
- Lead AppSec for SDLC programs such as the Security Champions program, AppSec Certification program, and numerous company wide security events
What we are looking for
- Bachelor’s degree in information technology or other related fields
- Very strong security mindset
- At least 7-10 years of working experience in domains related to product security
- In-depth knowledge of security vulnerabilities not just limited to OWASP Top 10
- Experience in doing security assessments on web applications, Android and iOS mobile applications in microservice architecture
- Experience in using the security tools to carry out the manual as well as automated security assessments
- Experience with Application Security tools including SAST, DAST, and OSS vulnerability scanning
- Experience working with product development teams to identify and implement security improvements
- Experience working in a team environment using Agile methodologies.
- Knowledge and experience performing security assessments of web and mobile applications
- Deep knowledge of OWASP top-10 / CWE/SANS Top 25 and a deep understanding of web application and mobile app vulnerabilities
- Knowledge of the following technologies: Kubernetes, container, Docker, Jenkins
- Strong foundation in core information security principles and concepts (HTTPS, TLS, OAuth, etc.)
- Working knowledge of common languages such as Python, Go, JavaScript, Java, .Net.
- Experience in public cloud security deployment and implementation practices (AWS/Azure/GCP)
- Experience with audits and standards requirements such ISO 27001, PCI-DSS, SOC 1 & 2, NIST
- Good understanding of information security policies, practices, and standards
- Ability to implement and drive information and data security initiatives
- Exposure to multiple security engineering disciplines such as application security, secure software development, cryptography, network security, system security, and security policy
- The desire to solve security challenges at scale, and work on securing the next generation of applications powering the most sophisticated customer engagement platform ever built
- Experience in providing practical solutions that enable product teams to meet business goals while controlling security risk
- Ability to solve problems at their root and step back to understand the broader context.
- Deep understanding of the interplay between attack and defense. Familiarity with current network security and application security tools and how to apply them
- Ability to promote secure design principles and a security-focused outlook across Narvar
Why Narvar?
We're on a mission to simplify the everyday lives of consumers. Post-purchase is a critical phase of the customer journey. That's why we created Narvar - a platform focused on driving customer loyalty through seamless post-purchase experiences that allow retailers to retain, engage, and delight customers. If you've ever bought something online, there's a good chance you've used our platform!
From the hottest new direct-to-consumer companies to retail’s most renowned brands, Narvar works with GameStop, Neiman Marcus, Sonos, Nike, and 1300+ other brands. With hubs in San Francisco, Atlanta, London, and Bangalore, we've served over 125 million consumers worldwide across 10+ billion interactions, 38 countries, and 55 languages.
Pioneering the post-purchase movement means navigating into the unknown. Our team thrives on this sense of adventure while nurturing a mindset of innovation. We're a home for big hearts and we leave our egos at the door. We work hard but we always make time to celebrate professional wins, baby showers, birthday parties, and everything in between.
We are an equal-opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
#LI-SA1
#LI-Hybrid
Please read our Privacy Policy to learn what personal information we collect in connection with your job application, and how we may use and share it.