Associate Application Security Analyst

　　Location PA, Malvern

　　Department Information Technology

　　Employment Type Full Time

　　Have you ever used the self-checkout? Played the slots at a Casino? Maybe you grabbed a drink from a vending machine or paid to park your car? If you’ve answered with a resounding “YES”, then you’ve done so with the aid of one of the 10 million devices installed by Crane Payment Innovations (CPI).

　　We make the technology that powers your everyday life, enabling more than 4 billion transactions every week in more than 143 currencies worldwide. From cash and coins to cards and mobile, we keep the world of payments moving with smart validation devices and business management software.

　　Headquartered in Malvern, PA, CPI is supported by: >2,500 global associates, 7 manufacturing sites, 12 corporate offices and 43 service branches.

　　WHAT YOU’LL BE DOING

　　As an Associate Application Security Analyst, you will be responsible for helping to ensure our products remain safe and secure. This position provides a critical independent overview of the security for our devices and applications. It is responsible for compliance with industry standards via gap analysis, penetration tests, scans, and physical audits of firmware developed for devices and applications related to CPI products and services.

　　The Associate Application Security Analyst will have a direct impact on our IT and Engineering groups, and will be responsible for:

　　CPI’s PCI (Payment Card Industry) Compliance.

　　Work with external agency to ensure CPI is in compliance and certified.

　　Provide consultation to business on PCI compliance requirements.

　　Ensure CPI products are designed, shipped, and maintained in accordance with the Device and Applications Security policies.

　　Work with engineering to ensure security measures are incorporated in the Policies and the Software Development Process (SDP) – monitor on on-going improvements.

　　Audit software/firmware releases for compliance to the standards and any vulnerabilities.

　　Milestone approvals for device and application security elements.

　　Manages product vulnerabilities and Open-Source software throughout the software development lifecycle.

　　Manages and runs code scanning tools in CPI DevSecOps pipelines. Audits existing field base; and any software updates (embedded, application, configuration) prior to release.

　　Management and support of CPI’s HSM Cryptographic infrastructure.

　　Create and manage PKIs for products.

　　Manage and administer Appsec API.

　　Continuous improvements of CPI’s security policies and processes

　　Regular document reviews.

　　Provide security training for Engineering and IT on an annual and as requested basis.

　　WHO WE’RE LOOKING FOR

　　You will bring security process experience with well demonstrated success in software/firmware development.

　　Qualifications and Requirements

　　Bachelor's degree in engineering, computer science or related field, or equivalent combination of education, training and experience

　　Minimum of 5 years of the following experience:

　　Knowledge of security vulnerability / penetration processes

　　Software or firmware development

　　Test engineering or technical audit experience desired

　　Knowledge of software development tools

　　Leadership and Coaching

　　Problem Solving

　　Additional experience – desired

　　PCI knowledge/experience

　　Technical knowledge of CPI products

　　Ability to travel up to 10%

　　Personal Attributes

　　Action Oriented: You display a sense of urgency and are known for being a timely decision maker.

　　Analytical Thinker: You need to have insight and enjoy solving problems.

　　Creative: You are innovative and resourceful.

　　Flexible: You are comfortable wearing many hats and able to shift priorities as needed.

　　Focused on Performance: You manage time and priorities effectively.

　　Comfortable with innovation: You have passion for continuous improvement and are always seeking a better way to do things.

　　Organized: You assemble all necessary materials and information before starting a task.

　　Quality written communication: Your writing is concise and descriptive, and you believe it is necessary to “overcommunicate” project status/updates.

　　WHAT WE’RE OFFERING

　　Flexible work environments

　　Defined career growth plans with opportunities to go outside of your “comfort zone”

　　“Team Building activities that support innovation”

　　Generous paid time off, including sick and holiday

　　Medical, dental, & vision insurance

　　401K with Company contribution

　　Flexible spending accounts

　　Life insurance and disability benefits

　　Discounts for childcare

　　Tuition assistance

　　Community involvement and volunteering events

　　Opportunities to travel and work at our global sites

　　Sound interesting? Come see why we are OneCPI!

　　CPI is part of Crane NXT

　　Crane NXT is a premier industrial technology company that provides proprietary and trusted technology solutions to secure, detect, and authenticate what matters most to its customers. The company is a pioneer in advanced, proprietary micro-optics technology for securing physical products, and its sophisticated electronic equipment and associated software leverages proprietary core capabilities with detection and sensing technologies. Crane NXT has approximately 4,000 employees with global operations and manufacturing facilities in the United States, the United Kingdom, Mexico, Japan, Switzerland, Germany, Sweden, and Malta. For more information, visit www.cranenxt.com.

　　Crane Payment Innovations is committed to hiring a diverse workforce. Applicants will receive consideration without regard to race, color, religion, sex, gender identity, sexual orientation, age, disability, military status, or national origin or any other characteristic protected under federal, state, or applicable local law.

　　#TH-LI1