Application Security Engineer

Mission:

Excellence in technology information security and regulatory compliance are foundational to our success. While complex software development lifecycle (SDLC) processes are supported and automated by advanced systems their effectiveness depends on consistent reliable execution across all business functions. This challenge is amplified by variations in coding practices and development pipelines across teams and organizations. To meet these demands a comprehensive and integrated application security program must be clearly defined diligently maintained effectively implemented and consistently measured to ensure that every application we deliver achieves the level of security expected by both our company and our customers.

The Application Security Engineer plays a key role in reducing risk across InvoiceClouds platform by driving the application security program. This role requires strong attention to detail persistence expertise in application security and programming languages planning skills self-motivation organization communication and problem-solving abilities. The Application Security Engineer will own all aspects of creating fostering implementing and maintaining an application security program across the firm. The primary objective of this position is to consistently identify prioritize and mitigate risks related to application security in an effective manner.

Responsibilities:

• Lead application security reviews and threat modeling including code review and dynamic testing.
• Own and perform application security vulnerability management.
• Lead product and development teams in application security.
• Lead development of automated security testing to validate that secure coding best practices are being used.
• Guide and advise product development teams as SMEs in the area of application security.
• Work closely with developers to help improve the security of their products and services as well as designing technical solutions to address security weaknesses and working with relevant stakeholders to implement them.
• Serve as the liaison between management and development resources for matters pertaining to application security initiatives.
• Serve as the point of contact regarding overall application security program process.
• Interact with development personnel management consultants and other company personnel to proactively and reactively maintain security risk objectives.
• Collaborate in the creation maintenance of IT control matrices and IT process documentation for various compliance requirements (PCI DSS NIST CSF Enterprise Risk & Security and Operations Applications and ITGC procedures).

Qualifications:

This role has privileged access to highly sensitive information intellectual property legal matters and complex business scenarios. The successful candidate has:

• Bachelors in Computer Science Information Technology or related is preferred
• 5 years of application security experience
• Hands-on experience across SDLC activities such as threat modeling secure code review vulnerability management and penetration testing
• Certifications such as CISSP CSSLP CEH OSCP or GIAC preferred
• Upholds strong ethics when handling sensitive and confidential information.
• Experience analyzing system services spotting issues in code networks and applications from a security perspective has troubleshooting skills to recognize security issues that appear under new threat scenarios.
• Demonstrated knowledge in resolving vulnerabilities in various programming languages JavaScript and Python.
• Demonstrated knowledge and ability to deploy tools methodologies and controls to reduce application security risk.
• Possesses strong decision-making capabilities and an ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
• Foundational knowledge of deploying and securing SaaS applications and cloud environments

Personal Skills

• Optimistic persistently driving for the positive outcome
• Team player; collaborative and can work independently.
• Excellent coordination and orchestration abilities
• Strong work ethic interpersonal skills time management planning and execution skills
• Resourceful collaborative out of the box thinking
• Demonstrates a personal code of ethics integrity and trust
• Able to successfully navigate within varying degrees of ambiguity in a fast-paced environment
• Efficient communications skills (written/verbal) and interpersonal savvy
• Possess a good sense of self and a strong approachable personal presence.
• Possess the determination to get results without harm provide transparent feedback and prioritize a positive outcome.