About the position
Paciolan is the #1 primary ticketing company in college athletics, and the #2 largest primary ticketing provider in the US, including performing arts, arenas, and professional sports. As a leader in ticketing, fundraising, marketing, analytics, and technology solutions, we power more than 500 live entertainment organizations, selling over 120 million tickets a year. While we are the market leader in many areas, we will never act too big or move too slow as a company. At Paciolan, we come to work ready to innovate and succeed, and we always have fun doing it. You may not recognize our name because we white-label our consumer channels, but we create great products at scale—not just once a year on Black Friday, but every day when our events go on sale! As we continue to grow, we're looking for an exceptional Security Application Engineer III to join us on our journey. Our Security Engineers play a key role in safeguarding our web and mobile applications, directly impacting the security and trust of millions of users. This is a unique opportunity to shape the future of our products while advancing your career in a dynamic and rapidly evolving field of application security.
Responsibilities
- Conduct security assessments and vulnerability testing of web and mobile applications.
- Collaborate with development teams to integrate security best practices and principles throughout the SDLC.
- Identify, analyze, and mitigate security vulnerabilities and threats.
- Develop and implement security tools (e.g., static analysis, dynamic testing tools) to enhance application security.
- Conduct code reviews and provide guidance to developers on secure coding practices.
- Stay up-to-date with the latest security trends, vulnerabilities, and threats.
- Track and report on key security metrics to ensure visibility into security posture.
- Respond to security incidents and perform root cause analysis.
- Develop and maintain security documentation, including secure coding guidelines and vulnerability management procedures.
- Educate and train staff on security best practices and emerging threats.
- Participate in threat modeling and risk assessments during application design and development.
Requirements
- Bachelor's degree in computer science, Information Security, or related field, or equivalent practical experience.
- At least 4+ years of experience in application security, including web and mobile application security.
- Proficiency in security testing tools and methodologies (e.g., OWASP ZAP, Burp Suite, Snyk, Checkmarx, Fortify).
- Strong understanding of secure coding practices and principles.
- Experience with security frameworks and standards (e.g., SOC2, OWASP, NIST, ISO/IEC 27001).
- Knowledge of authentication and authorization protocols (e.g., OAuth, JWT, SAML).
- Familiarity with cloud security best practices (AWS, Azure, Google Cloud).
- Proficiency in Shift Left methodologies and DevSecOps practices, with hands-on experience using tools such as Gitlab for enhanced security integration throughout the SDLC.
- Excellent problem-solving skills and attention to detail.
- Strong communication and collaboration skills.
Nice-to-haves
- Relevant security certifications (e.g., CISSP, CEH, OSCP).
- Experience with DevSecOps practices and tools.
- Understanding of container security, Kubernetes, and microservices architecture.
- Basic understanding of network security principles is a plus.
- Experience with incident response and forensic analysis is a plus, but not required.
Benefits
- Medical, Dental, Vision, Health Savings Account, Life Insurance and Other Insurance Plans.
- Flexible Paid Time Off (including Parental Leave).
- Paid Holidays.
- 401(k).
- Short/Long Term Disability.
