Application Security Engineer

Mission:

Excellence in technology, information security, and regulatory compliance are foundational to our success. While complex software development lifecycle (SDLC) processes are supported and automated by advanced systems, their effectiveness depends on consistent, reliable execution across all business functions. This challenge is amplified by variations in coding practices and development pipelines across teams and organizations. To meet these demands, a comprehensive and integrated application security program must be clearly defined, diligently maintained, effectively implemented, and consistently measured to ensure that every application we deliver achieves the level of security expected by both our company and our customers.

The Application Security Engineer plays a key role in reducing risk across InvoiceCloud’s platform by driving the application security program. This role requires strong attention to detail, persistence, expertise in application security and programming languages, planning skills, self-motivation, organization, communication, and problem-solving abilities. The Application Security Engineer will own all aspects of creating, fostering, implementing, and maintaining an application security program across the firm. The primary objective of this position is to consistently identify, prioritize, and mitigate risks related to application security in an effective manner.  

Responsibilities:

• Lead application security reviews and threat modeling, including code review and dynamic testing. 
• Own and perform application security vulnerability management. 
• Lead product and development teams in application security. 
• Lead development of automated security testing to validate that secure coding best practices are being used. 
• Guide and advise product development teams as SMEs in the area of application security. 
• Work closely with developers to help improve the security of their products and services, as well as designing technical solutions to address security weaknesses, and working with relevant stakeholders to implement them. 
• Serve as the liaison between management and development resources for matters pertaining to application security initiatives.
• Serve as the point of contact regarding overall application security program process.
• Interact with development personnel, management, consultants, and other company personnel to proactively and reactively maintain security risk objectives.
• Collaborate in the creation, maintenance of IT control matrices and IT process documentation for various compliance requirements (PCI DSS, NIST CSF, Enterprise Risk & Security and Operations, Applications, and ITGC procedures). 

Qualifications:

This role has privileged access to highly sensitive information, intellectual property, legal matters, and complex business scenarios.  The successful candidate has:

• Bachelor's in Computer Science, Information Technology or related is preferred
• 5+ years of application security experience
• Hands-on experience across SDLC activities such as threat modeling, secure code review, vulnerability management, and penetration testing
• Certifications such as CISSP, CSSLP, CEH, OSCP, or GIAC preferred
• Upholds strong ethics when handling sensitive and confidential information.
• Experience analyzing system services, spotting issues in code, networks and applications from a security perspective, has troubleshooting skills to recognize security issues that appear under new threat scenarios. 
• Demonstrated knowledge in resolving vulnerabilities in various programming languages including .net, JavaScript, and Python.
• Demonstrated knowledge and ability to deploy tools, methodologies, and controls to reduce application security risk. 
• Possesses strong decision-making capabilities and an ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one. 
• Foundational knowledge of deploying and securing SaaS applications and cloud environments

Personal Skills 

• Optimistic, persistently driving for the positive outcome 
• Team player; collaborative and can work independently.
• Excellent coordination and orchestration abilities 
• Strong work ethic, interpersonal skills, time management, planning and execution skills 
• Resourceful, collaborative, ‘out of the box’ thinking 
• Demonstrates a personal code of ethics, integrity, and trust
• Able to successfully navigate within varying degrees of ambiguity in a fast-paced environment  
• Efficient communications skills (written/verbal) and interpersonal savvy  
• Possess a good sense of self and a strong, approachable personal presence.    
• Possess the determination to get results without harm, provide transparent feedback, and prioritize a positive outcome.