Description:

We are seeking an experienced Senior Software Security Engineer to lead efforts in securing our SaaS application, ensuring application integrity, and protecting sensitive data hosted within AWS environments.
The ideal candidate will work closely with development teams throughout the development process, conducting thorough code reviews and manual runtime testing to audit and certify changes before release as part of a critical quality gate.
Advanced expertise in the MERN stack (MongoDB, Express, React, NodeJS), deep knowledge of web protocols, application architecture, and robust networking concepts like DNS and HTTPS are essential.
FloQast is headquartered in Los Angeles, CA and we are seeking US Based REMOTE Engineers.
Visa sponsorship is NOT available at this time.

Drive and own the strategic security roadmap for code integrity across development teams, setting and enforcing enterprise-wide standards.
Design and enforce security quality gates, conducting rigorous code reviews, manual runtime testing, and automated scans to certify feature releases.
Spearhead vulnerability triage processes, collaborating with bug bounty researchers and prioritizing remediation based on risk, severity, and business impact.
Partner with engineering leadership to embed secure coding practices, mentor developers, and drive the resolution of complex security issues.
Design and execute comprehensive security testing, including penetration testing, vulnerability analysis, and audits for new features.
Apply expert-level knowledge of HTTP to secure and optimize requests and responses.
Leverage in-depth understanding of networking concepts (DNS, HTTPS, firewalls) to architect secure application communication.
Drive the implementation of advanced browser security mechanisms, such as Content Security Policy (CSP), CORS, and secure cookie handling.
Lead investigations into complex security incidents, performing root cause analysis and implementing robust preventative measures.
Author and maintain comprehensive security documentation, including policies, procedures, and system configurations.

Requirements:

Prior experience as a MERN stack developer, with hands-on expertise in building and maintaining applications using MongoDB, Express, React, and NodeJS.
Extensive experience with the MERN stack and securing applications in AWS environments.
Proven expertise in managing DAST/SAST tools and handling vulnerability reports from bug bounty programs.
Advanced knowledge of HTTP protocols, including headers, cookies, and browser behaviors.
Deep expertise in software security principles, secure development practices, and modern web technologies (REST APIs, JSON, OAuth).
Strong proficiency in networking fundamentals, including DNS, HTTPS, and TCP/IP.
Demonstrated ability to identify and mitigate advanced security vulnerabilities (e.g., OWASP Top 10 and beyond).
Extensive experience with security testing tools like Burp Suite or similar.
Exceptional problem-solving, analytical, and leadership skills with a focus on detail and impact.

Certifications such as CISSP, CEH, or Offensive Security certifications (OSCP, OSWA, OSWE).
PortSwigger Academy Certification and/or significant experience with their labs.
Extensive experience with HackTheBox or similar advanced security labs.
Deep expertise in cloud security, particularly within AWS, including secure architecture design.
Familiarity with compliance frameworks (e.g., GDPR, PCI-DSS, SOC 2).
Experience mentoring junior engineers or leading security training initiatives.

The base pay range for this position is $144,000 - $216,000.
Compensation is not limited to base salary.
FloQast offers a competitive and elaborate Benefits Package including Medical, Dental, Vision, Family Forming benefits, Life & Disability Insurance, Unlimited Vacation, and participation in our Employee Stock Program.
FloQast reserves the right to amend, change, alter, and revise pay ranges and benefits offerings at any time.