Pushpay exists to bring people together by strengthening community, connection, and belonging. As the leading provider of mobile apps and giving technology to churches, schools, and nonprofits, Pushpay helps organizations and their communities stay connected anytime, anywhere.
About the Team:
Working alongside the Site Reliability Engineering and Product Engineering teams you will be embedded within a continuous delivery environment advocating for the product and organizational security. We are dedicated to the philosophy that security should be an enabler of the business and are constantly looking for ways to improve how we support and respond to the needs of the business.
About the Position:
We are looking for a security-minded, enthusiastic, smart and friendly Information Security Analyst to join our Auckland, NZ team. Your focus will be on product and platform security. You will work with engineers to help them design and implement secure solutions. You’ll be working collaboratively with a US based security analyst as well as the site reliability, engineering, product management and design team members to help us deliver secure solutions to our customers. This role reports to the Director of Site Reliability Engineering.
- Working with product and engineering to ensure that security is considered in all parts of the software development lifecycle, through the development of processes, practices, analysis, reviews, education and coaching.
- Research new application security practices and implement them to improve application security
- Consult with other business units to provide security advice and assistance
- Configure and maintain security and monitoring tools and services
- Build and maintain our security-related tools that will improve the maintainability and security of our platform and the pace of development
- Partner with engineering teams to coordinate web application penetration tests, perform automated vulnerability scans, risk assessments and our regular PCI compliance tasks
- Perform critical web application security assessments, vulnerability scanning and testing
- Manage security-focused training program for Pushpay’s development team
- Manage and support the PCI compliance requirements
- Develop and maintain information security policies together with security team
- Conduct research on emerging security threats and potential customer impact
- Respond to technical security questions and concerns from across the business
- Incident management of security incidents or complex changes
- 5+ years experience with information technology security programs, audits, controls, assessments, risk assessments or remediation management preferably in a software development environment
- Knowledge of OWASP and other software security best practices
- Demonstrated expertise in effectively managing stakeholder expectations and communications
- Passion for deepening the technical knowledge of the broad aspects of information security
- A broad mix of business and technical skills coupled with a strong desire to learn
- Experience with external security standards (PCI, SOC2, ISO 27001 etc.)
- Knowledge of secure software development lifecycle (S-SDLC) or DevSecOps
- Industry certification (i.e. CISA, CISSP, SANS GIAC, etc.)