Facebook pixel

Senior Application Security Engineer
Posted on 11/28/2022
Experience Level
Desired Skills
Microsoft Azure
Product Design
  • 5+ years of experience with auditing web applications
  • 3+ years using at least one high level programming language e.g. Node.js, Python, Go, Java, Ruby
  • Experience utilizing web application security scanning software and penetration testing tools e.g. Burp Suite, ZAP, Nessus, Qualys, Metasploit, CANVAS, Nuclei, Cobalt Strike
  • Experience and desire conducting security training for developers and the security team
  • Experience performing threat modeling and secure design review in order to assess the security implications and requirements of new systems and technologies
  • Experience building or working with distributed multi-tier web server-client architectures
  • Experience with cloud environments AWS or Azure
  • Strong foundational understanding of network and application fundamentals and best practices; e.g. HTTP, DNS, VPN, SAML, OAuth, OpenID etc
  • Strong understanding of OWASP Top 10 vulnerabilities in web applications, including XSS, SSRF, IDOR, RCE, CSRF vulnerabilities
  • Working knowledge of the Microsoft Security Development Lifecycle (SDL), OWASP Software Assurance Maturity Model (SAMM), or Building Security in Maturity Model (BSIMM)
  • Strong sense of ownership, urgency and drive
  • Strong ability to lead cross-team initiatives and communicate proposals and ideas concisely
  • Participate in architecture design reviews with senior engineering and product management staff to incorporate effective threat modeling and security standards into product design
  • Educate and train product engineering teams on security concepts and skills, extending AppSec's reach by deputizing product teams to help themselves
  • Evaluate and instrument automation and tooling to ensure a security regression within any component of our platform does not occur
  • Expand our security detection and prevention capabilities throughout the FloQast platform
  • Conduct red team operations against FloQast customer-facing products, platform, internal environments and teams
  • Develop security standards, preferred implementation patterns, secure common frameworks, developer documentation and educational materials
  • Explain and demonstrate vulnerabilities to application/system owners, and provide recommendations for mitigation
  • Advise senior management on perceived risks and work to determine an acceptable risk appetite while weighing overall business and usability impact
  • Stay abreast of new and emerging security technologies and paradigms
  • Any other projects as assigned to help the Company meet its goals
Desired Qualifications
  • Experience implementing security practices in automated CI/CD pipelines for application code, infrastructure, and/or serverless is a plus
  • Strong experience with AWS and/or Azure
  • Strong experience with Node.js, Python, React
  • Experience securing multi-tenant enterprise SaaS products
  • Knowledge of common compliance frameworks e.g. SOC, SOX, PCI and ISO standards
  • Security certifications e.g. CISSP, OSCP, OWSP

501-1,000 employees

Accounting workflow automation platform
Company Overview
FloQast's mission is to provide faster answers, better teamwork, and greater peace of mind to accounting teams. FloQast enables customers to streamline processes such as automated reconciliations, documentation requests, and other workflows that impact the month-end close, financial reporting, and payroll.
  • Unlimited PTO
  • Company-Wide Social Events
  • Cold Brew/Nitro On Tap
  • Generous Paid Parental Leave
  • Competitive Compensation
  • 401k (No Matching)
  • Unlimited Snacks and Drinks
  • Family Forming Support, Benefits & Reimbursement
  • Pet Care Discount Program
  • Stock Options
  • Education Reimbursement
  • Medical, Dental, Vision (100% paid)
  • Charitable Donation Matching