Senior Application Security Engineer
We’re looking for an individual who’s a subject matter expert within the application security domain. In this role, you will work closely with product engineering teams to define application security standards, perform red team operations across multiple departments and teams, conduct code reviews, support vulnerability triage, provide secure development education, and participate in secure design reviews across our platform and product.
Our clients entrust FloQast with their financial data and as such it is our mission to deliver features that provide resilience, confidence and trust in our platform. We believe in scaling security through software engineering best practices and automation. You'll play a fundamental role in shaping the future of security at FloQast and your work will have significant impact and visibility.
FloQast is headquartered in Los Angeles, CA and we are seeking US Based REMOTE Engineers.
Visa sponsorship is NOT available at this time.
What you’ll do…
- Participate in architecture design reviews with senior engineering and product management staff to incorporate effective threat modeling and security standards into product design.
- Educate and train product engineering teams on security concepts and skills, extending AppSec's reach by deputizing product teams to help themselves.
- Evaluate and instrument automation and tooling to ensure a security regression within any component of our platform does not occur.
- Expand our security detection and prevention capabilities throughout the FloQast platform.
- Conduct red team operations against FloQast customer-facing products, platform, internal environments and teams.
- Develop security standards, preferred implementation patterns, secure common frameworks, developer documentation and educational materials.
- Explain and demonstrate vulnerabilities to application/system owners, and provide recommendations for mitigation.
- Advise senior management on perceived risks and work to determine an acceptable risk appetite while weighing overall business and usability impact.
- Stay abreast of new and emerging security technologies and paradigms.
- Any other projects as assigned to help the Company meet its goals.
We’re looking for someone with...
- 5+ years of experience with auditing web applications.
- 3+ years using at least one high level programming language e.g. Node.js, Python, Go, Java, Ruby.
- Experience utilizing web application security scanning software and penetration testing tools e.g. Burp Suite, ZAP, Nessus, Qualys, Metasploit, CANVAS, Nuclei, Cobalt Strike.
- Experience and desire conducting security training for developers and the security team.
- Experience performing threat modeling and secure design review in order to assess the security implications and requirements of new systems and technologies.
- Experience building or working with distributed multi-tier web server-client architectures.
- Experience with cloud environments such as AWS or Azure.
- Strong foundational understanding of network and application fundamentals and best practices; e.g. HTTP, DNS, VPN, SAML, OAuth, OpenID etc.
- Strong understanding of OWASP Top 10 vulnerabilities in web applications, including XSS, SSRF, IDOR, RCE, CSRF vulnerabilities.
- Working knowledge of the Microsoft Security Development Lifecycle (SDL), OWASP Software Assurance Maturity Model (SAMM), or Building Security in Maturity Model (BSIMM).
- Experience implementing security practices in automated CI/CD pipelines for application code, infrastructure, and/or serverless is a plus.
- Strong sense of ownership, urgency and drive.
- Strong ability to lead cross-team initiatives and communicate proposals and ideas concisely.
Nice to have attributes…
- Strong experience with AWS and/or Azure.
- Strong experience with Node.js, Python, React.
- Experience securing multi-tenant enterprise SaaS products.
- Knowledge of common compliance frameworks e.g. SOC, SOX, PCI and ISO standards.
- Security certifications e.g. CISSP, OSCP, OWSP.
About FloQast www.floqast.com
Recognized as a 2021 Technology Fast 500 by Deloitte, FloQast is the leader in accounting workflow automation created by accountants for accountants. The cloud-based, AI-enhanced software is trusted by more than 1,500 accounting teams, including those at Snowflake, Twilio, Instacart, Zoom, and The Golden State Warriors. In July 2021, FloQast raised a $110 million Series D at a $1.2 billion valuation — and we’re growing!
What We Do
By automating common accounting workflows and helping to streamline and make them more efficient, FloQast is the place where accounting teams want to work so they can focus on what matters most, even when that’s just logging off on time. Whether automating reconciliations, documentation requests, or streamlining recurring accounting processes, such as the month-end close, financial reporting, or payroll, FloQast enhances the way accounting teams already work to help them operate more efficiently. Learn more at FloQast.com.
Here’s Why You Should Apply
- What is engineering working on? Our FQ Engineering Blog showcases a number of our recent efforts straight from the engineers working on them. Check it out!
- When we say our customers’ success is our priority, we’re not lying. Check us out on G2 Crowd and read a few of the 275+ 5-star reviews!
- Why do 95% of reviewers on Glassdoor say they would refer FloQast as an employer to a friend? Maintaining a collaborative, open, and fun company culture regardless of where FloQasters are located can be tricky, but we’re up to the task. Check out what actual FloQast employees have to say on Glassdoor.
- FloQast offers competitive compensation, stock options, full benefits, and a positive and supportive work environment.
- FloQast is regularly rated as one of the best places to work:
  - Inc. Magazine’s Best Workplaces in 2021
  - Best Places to Work by LA Business Journal since 2017
  - Built In’s Best Place to Work in Los Angeles since 2018
FloQast, Inc is committed to operating fair and unbiased recruitment procedures allowing all applicants an equal opportunity for employment, free from discrimination on the basis of religion, race, sex, age, sexual orientation, disability, color, ethnic or national origin, or any other classification as may be protected by applicable law. We aim to recruit the right people for the jobs we have to offer, and to assess applications on the basis of relevant skills, education, and experience. We welcome people of different backgrounds, experiences, abilities and perspectives. We are an equal opportunity employer and strive to provide a professional and welcoming workplace for all employees.
If you are a Colorado, Connecticut, or New York City resident, please contact us by emailing email@example.com to receive compensation and benefits information for this role. Please include the job title in the subject line of the email.