Hi there! Have you noticed that the restaurant industry is changing?
We are PAR and our purpose is:
To deliver solutions that connect people to the restaurants, meals, and moments they love.
At PAR Technology, our relentless drive for innovation and unwavering commitment to customer success are at the heart of everything we do. We lead the restaurant and retail industries by ensuring that our products—from point of sale systems to loyalty programs, digital ordering, restaurant operations solutions, payment services, and hardware—work "better together." This unified approach, fueled by over 40 years of experience, amplifies our ambition to not just meet but exceed the evolving needs of our global clientele. By optimizing integrations into all leading restaurant solutions, we're not just creating technology; we're crafting a future where operations are streamlined, experiences are enhanced, and every interaction is an opportunity for growth.
We're dedicated to fortifying the web infrastructure of our products, focusing on mitigating risks associated with the OWASP Top 10 vulnerabilities and beyond. As a Senior Application Security Engineer, you will play a pivotal role in securing our web applications developed in Ruby, Go, Python and PHP as well as drive initiatives to enhance the security of our iOS & Android mobile applications. This role involves conducting security assessments, implementing security tools and processes within CI/CD pipelines, and working closely with development teams to prioritize and remediate vulnerabilities.
WHAT YOU WILL DO:
Perform in-depth security assessments for both web and mobile applications, utilizing advanced methodologies beyond the OWASP Top 10 and OWASP MSTG, to uncover and remediate complex security issues. Spearhead the adoption of security measures in mobile and web application development, focusing on reducing vulnerabilities across an extensive catalog of internally developed applications. Craft comprehensive security frameworks tailored to the specific technologies and languages used in your organization’s SaaS platforms. Actively work with development teams to embed security practices within the Agile and DevOps workflows, ensuring security is an integral part of the software development life cycle (SDLC). Lead the design and implementation of automated security testing and monitoring frameworks, emphasizing the scalability and continuous improvement of security postures. Evaluate, select, and manage a dynamic set of security testing tools, keeping the toolset up-to-date with the latest in both open source and commercial offerings to address emerging threats. Serve as the go-to security experts for development teams, offering both strategic advice and hands-on assistance in coding practices, vulnerability remediation, and threat modeling. Develop and conduct security awareness and training programs tailored to developers, focusing on secure coding practices, recognizing security threats, and implementing preventive measures. Create and update security policies and standards that align with industry best practices and regulatory requirements, ensuring they are effectively communicated and adhered to across all development teams and third-party developers integrating with our public APIs. Play a key role in the incident response process, providing expert analysis and recommendations for rapid remediation of security incidents affecting web and mobile applications.
WHAT YOU NEED:
Extensive experience with web and mobile application development and security, covering various programming languages. Bachelor’s degree in Computer Science, Cybersecurity, or a related field, or equivalent experience, with at least 5 years in IT security or related roles. Deep knowledge of security vulnerabilities in web and mobile platforms and proficiency with advanced security tools for detection and remediation. Skilled in JavaScript, front-end technologies, and familiar with security frameworks like OWASP Top 10 and NIST. Experience with web application testing tools such as Burp Suite, OWASP ZAP and others. Relevant certifications like GWAPT, CEH, OSCP, or CISSP are highly regarded. Strong analytical skills for risk assessment and developing mitigation strategies. Excellent communication skills for effective collaboration and leading security initiatives.
WHY YOU SHOULD WORK WITH US:
Join a forward-thinking team that values innovation and cutting-edge practices in cloud security and DevOps. Engage with a company culture that is deeply committed to continuous investment in our cloud infrastructure and security. Participate in a collaborative environment that encourages the growth and use of your diverse set of skills and expertise. Take an active role in shaping the future of our cloud services, deploying the latest technologies to create a resilient and secure cloud ecosystem.
PAR is proud to provide equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. We also provide reasonable accommodations to individuals with disabilities in accordance with applicable laws. If you require reasonable accommodation to complete a job application, pre-employment testing, a job interview or to otherwise participate in the hiring process, or for your role at PAR, please contact accommodations@partech.com. If you’d like more information about your EEO rights as an applicant, please visit the US Department of Labor's website.