Senior Application Security Analyst

Q2 is focused on empowering returns on relationships for community-centered financial institutions and their consumer and commercial account holders. We do this with the most comprehensive, secure and adaptable smart banking platform of its kind, designed to deliver a compelling, consistent user experience on any device and enable customers to deliver secure, innovative services and increasingly, to generate new sources of revenue.

Q2 is seeking a Senior Application Security Analyst who is passionate about securing innovative products that scale to 400+ financial institutions. The Sr. Application Security Analyst will interact with stakeholders across Engineering, QA, DevOps, IT, Operations, and Product Management. If you enjoy working in a highly collaborative environment and approach every day with a burning passion for building and breaking systems, then Q2 wants you!

* Build a cross-functional group of Security-minded Engineers to amplify the infusion of Security into Q2’s application product portfolio. * Evangelize “Hack Yourself First” to build more resilient and secure systems. * Perform end-to-end testing of Q2’s web and mobile platforms. * Own the vulnerability management lifecycle from identification to remediation to reporting. * Perform code reviews and threat modeling alongside your Q2 Dev brethren. * Participate in internal user acceptance testing and test case creation for new product releases and enhancements. * Evaluate, implement, and leverage commercial and open-source tools to achieve test automation. * Conduct Security research to keep abreast of latest attack techniques and the evolving threat landscape. * Educate financial institutions on their Security findings. * Participate in monthly oversight meetings with Chief Security Officer to provide transparency and visibility into the critical and high vulnerabilities, development challenges, and roadmap direction.

**Experience & Knowledge:** * Bachelor’s degree in Computer Science, Engineering, Computer Security, Information Systems, or related field. * 2+ years of hands-on .NET or Java development. * Continuous integration/deployment tools (e.g., Bitbucket, Stash,Git, Github, Jenkins, etc.). * Web and mobile penetration testing and vulnerability research. * Static and dynamic application security testing (SAST and DAST). **Certifications:** * ISC2 CSSLP (Certified Secure Software Lifecycle Professional) * SANS GWAPT (Web Application Penetration Tester) * SANS GWEB (Web Application Defender)