Remote Senior Application Security Engineer

Description:

• The Senior Application Security Engineer will oversee the application security initiatives across Emburse products.
• This role will be part of the Information Security team and will work closely with engineering and DevOps to integrate security best practices throughout the software development lifecycle (SDLC).
• The engineer will lead “shift left” security efforts to build security into the software development lifecycle.
• They will build relationships and work directly with engineering teams on security best practices and to remediate identified vulnerabilities.
• The role involves working with product teams to ensure vulnerabilities are remediated within procedural timeframes.
• The engineer will partner with product teams to establish and prioritize a technical roadmap for 3rd party and open source frameworks and libraries to ensure products are up to date and can respond effectively to zero-day threats.
• They will triage and prioritize bug bounty submissions, code scanning results, and engineering audit vulnerability findings, track remediation, and validate fixes.
• The engineer will assist with internal vulnerability scanning, external vulnerability scanning, segmentation testing, and management of penetration testing.
• They will conduct secure design reviews and threat modeling, identifying and prioritizing risks, attack surfaces, and vulnerabilities.
• The role includes creating metrics and reporting of the application security program.

Requirements:

• Candidates must have 7+ years of industry experience in application security, security architecture, secure software development, and software vulnerability management for multiple technology platforms, frameworks, and languages.
• Expertise with application security implementations and standard methodologies is required.
• Extensive knowledge and comfort with the OWASP Top 10 and common web application exploitation techniques, along with their respective countermeasures, is necessary.
• Experience with DevSecOps, DevOps, CICD pipelines, and secure code development is essential.
• Proficiency in using security tools such as SAST, IAST, CSPM, and SIEM is required.
• Candidates should have SaaS experience working with web and mobile solutions to provide security.
• Experience working with Snyk, Bug Bounty, Wiz, Hacker Guardian, and Hunters is strongly preferred.
• Familiarity with compliance frameworks such as PCI, SOC 2, ISO 27001, and NIST is necessary.
• Experience performing and coordinating security assessments, including internal and external vulnerability scans, network segmentation testing, and web application penetration testing, is required.
• Relevant certifications such as CISSP, CCSP, GWEB, GWAPT, GMOB, CompTIA Security+, etc., are preferred.
• Candidates should have experience working on large cross-functional teams, representing IT compliance on initiatives such as change management, identity and access management, policy management, and data retention.
• Strong communication skills are essential to effectively solve complex issues for stakeholders in a clear and easy-to-understand way.
• The ability to develop creative and adaptive solutions to unique and complex security items is required.
• Candidates must be comfortable with a rapid-paced working environment and meeting deadlines.
• A Bachelor’s degree in Computer Science, Information Systems, or equivalent work experience is required.

Benefits:

• Emburse offers competitive pay and flexible work arrangements.
• The company fosters an inclusive and collaborative environment that supports employee success.
• Employees will have the opportunity to work alongside some of the brightest minds in finance, tech, and AI to solve real-world challenges.
• The work at Emburse drives efficiency, innovation, and smarter financial decision-making for businesses everywhere.
• Emburse provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, or genetics.