Senior Application Security Engineer

Senior Application Security Engineer

(Pittsburgh, PA; New York City, NY; Fremont, CA)

Founded in 2000, Ivalua is a leading global provider of cloud-based procurement solutions.

COMPANY OVERVIEW

At Ivalua we are a global community of exceptional professionals, who believe that digital transformation revolutionizes supply chain sustainability and resiliency to unlock the power of supplier collaboration. We achieve this through our leading cloud-based spend management platform that empowers hundreds of the world's most admired brands to effectively manage all categories of spend and all suppliers to increase profitability, improve ESG (environmental, social, and corporate governance) performance, lower risk, and improve productivity. Driven by our passions and fueled by our shared ambitions, we empower and challenge each other to create meaningful experiences for our colleagues, customers, partners, and communities. 

Learn more at www.ivalua.com. Follow us on LinkedIn

THE OPPORTUNITY

CONTEXT: You will be part of the InfoSec team with a mission to build, maintain, and continuously improve our Information Security program, providing peace of mind and assurance of protection and safety to our customers. Our team is hands-on, with a strong problem-solving mindset, capable of thinking holistically about implementation and providing solutions to address our customers' long-term challenges. We work hard and play hard, enjoying various indoor and outdoor activities organized by the company, allowing you to focus, collaborate, and unleash your creativity.

ROLE: We are currently seeking a Senior Application Security Engineer to help secure Ivalua’s SaaS application product and corporate internet-facing applications. This role involves enhancing the SSDLC process, maintaining and improving automated vulnerability scans, performing manual security testing at the application layer, orchestrating remediation plans, and tracking vulnerability remediation progress through reports and dashboards. Additionally, the Senior AppSec Engineer will contribute to the deployment and continuous improvement of the Secure Architecture & Software Development program to ensure the security of Ivalua’s SaaS platform.

WHAT YOU WILL DO WITH US

• Perform manual web application penetration testing on the Ivalua SaaS application product, web services as well as the corporate critical or internet-facing web applications
• Enhance/Optimize the application security tooling scanning configurations (SAST, DAST, SCA) to reduce false positives/negatives
• Write and maintain in-house automated scripts to complement the scanning tool gaps and industrialize the manual security tests
• Act as the main POC for analyzing, discussing and reviewing the technical audits findings from US customers
• Advocate and support the implementation of security best practices as part of the development lifecycle within the R&D department including security design reviews and security testing of major product changes or enhancements
• Support the analysis, reporting, tracking and retesting of security vulnerabilities reported through multiple sources (customer, internal and external audits) and provide guidance to developers to fix these in a manner consistent with Ivalua standards
• Contribute to develop, enhance, maintain and deliver a developer security training program and maintain secure development guidelines
• Act as one of the SME on application security and stay apprised on new vulnerabilities, threats, risks, tools and techniques

YOUR PROFILE

If you have the below experience and strengths this role could be for you

Skills and Experience:

• Bachelor’s degree in relevant field preferred with a minimum of 7 years of relevant professional experience, OR Master’s degree in relevant field with a minimum of 5 years of relevant professional experience, OR Equivalent combination of education and experience
• Proven practical experience in integrating security as part of SDLC (security by design, security code reviews, security tests etc.)
• Highly proficient in scripting, client-side programming and query languages (such as Python, JavaScript, SQL)
• Experience with the industry-recognized application security tools (BurpSuite, SQLMap, Invicti, Checkmarx etc.)
• An Offensive Security qualification or evidence of starting to work towards e.g. OSCP, OSWE, GPEN, GWAPT, CPTS, Hack-the-Box labs or root-me challenges or similar is preferred but not required
• Ability to handle multiple tasks, prioritize and meet deadlines

Soft Skills :

• Excellent interpersonal, communication and organizational skills
• Team player with the ability to interface effectively with a broad range of individuals 
• High degree of initiative, dependable and able to work well with limited supervision

WHAT HAPPENS NEXT

If your application fits this specific position’s needs, our skilled Talent team will reach out to schedule an initial screening call. Get one step closer to achieving your goals – apply today! 

Our Talent team will guide you through every step of the interview process - from preparation to completion. They're here to support you! 

Our recruitment process is designed to assess your competencies through a series of personalized interviews with internal stakeholders relevant to the role. 

Interviews will be conducted virtually via video or on-site with face-to-face meetings.

LIFE AT IVALUA

• Hybrid working model (3 days in the office per week)
• We're a team dedicated to pushing the boundaries of product innovation and technology
• Sustainable Growth, Privately Held
• A stable and cash-flow positive Company since 10 years
• Snacks and weekly lunches in the office
• Feel empowered to pursue your goals with improved team collaboration and increased creativity/productivity
• Unlock and unleash your full professional potential with our exceptional training and career development program
• Join a dynamic and international team of top-notch professionals who are experts in their respective fields. Collaborate with like-minded individuals who are deeply passionate and highly motivated about their work. Experience a truly diverse and inclusive work environment where your unique contributions are highly valued
• Regular social events, competitive outings, team running events, and musical activities,
• Comparably recognized Ivalua for the following (https://www.comparably.com/companies/ivalua) :

Powered by People - Powered by You!

United by our values we embrace diversity and equity in the broadest possible sense to create an inclusive workplace. To help our customers make supply chains more efficient, sustainable and resilient, we rely on a global team with a variety of backgrounds, skills and views. We believe in equal opportunity and in diversity as a driver of innovation that cultivates a spirit of inclusiveness, creates a productive and fun place to work, and provides fulfilling career opportunities for all Ivaluans. https://www.linkedin.com/company/ivalua/about/

Experience life at Ivalua - check out our captivating video! Gain insight into our unique company culture and get a glimpse of what it's like to work with us.

Ivalua’s core values include a priority on Care & Grow People. We take matters like pay equity very seriously and strive to reward our employees appropriately and fairly for their talents.

The compensation range for this position is based upon careful and continual market compensation research. In addition to location, compensation may also vary based upon job-related knowledge, skills, and experience.

Title: Senior Application Security Engineer    
Base Range minimum: $130,000
Base Range maximum: $190,000

Additional compensation / rewards: Ivalua offers an annual target bonus for this position conditional on individual and company performance. Other compensation factors may also be considered. Ivalua also offers exceptional benefits including medical, dental, vision, retirement (with company match), and much more.

#LI-SG1

#LI-HYBRID