Full-Time Senior Application Security Engineer

Who We Are: At Emburse, you’ll not just imagine the future – you’ll build it. As a leader in travel and expense solutions, we are creating a future where technology drives business value and inspires extraordinary results. The Senior Application Security Engineer will oversee the application security initiatives across Emburse products. This role will be part of the Information Security team and work closely with the engineering and DevOps to integrate security best practices throughout the software development lifecycle (SDLC). This role will also involve conducting security assessments and providing remediation guidance.

What You Will Do

• Lead "shift left" security efforts to build security into the software development lifecycle.
• Build relationships and work directly with engineering teams on security best practices and to remediate identified vulnerabilities. Work with product teams to ensure the vulnerabilities are remediated within procedural timeframes.
• Partner with product teams to establish and prioritize a technical roadmap for 3rd party and open source frameworks and libraries to ensure products are up to date and can respond effectively to zero day threats
• Triage and prioritize bug bounty submissions, code scanning results, and engineering audit vulnerability findings, track remediation, and validate fixes.
• Assist with internal vulnerability scanning, external vulnerability scanning, segmentation testing, and management of penetration testing.
• Conduct secure design reviews and threat modeling. Identify and prioritize risks, attack surfaces, and vulnerabilities.
• Create metrics and reporting of the application security program.

What You Will Bring

• 7+ years of industry experience in application security, security architecture, secure software development, software vulnerability management for multiple technology platforms, frameworks and languages.
• Expertise with application security implementations and standard methodologies.
• Extensive knowledge and comfort with the OWASP Top 10 and common web application exploitation techniques, and their respective countermeasures.
• Experience with DevSecOps, DevOps, CICD pipelines, and secure code development.
• Use of security tools (ex: SAST, IAST, CSPM, SIEM) SaaS experience working with web and mobile solutions to provide security
• Experience working with Snyk, Bug Bounty, Wiz, Hacker Guardian, Hunters strongly preferred
• Experience working with compliance frameworks (i.e. PCI, SOC 2, ISO 27001, NIST)
• Experience performing and coordinating security assessments: internal vulnerability scans, external vulnerability scans, network segmentation testing, and web application penetration testing.
• Relevant certifications such as CISSP, CCSP, GWEB, GWAPT, GMOB, CompTIA Security+, etc.
• Experience working on large cross functional teams, representing IT compliance on initiatives such as change management, identity and access management, policy management and data retention.
• Strong communication skills to effectively solve complex issues to stakeholders in a clear and easy to understand way
• Ability to develop creative and adaptive solutions to unique and complex security items
• Comfortable with a rapid-paced working environment and meeting deadlines
• Bachelor’s degree in Computer Science, Information Systems, or equivalent work experience

What is the last date for applying to the job?

Which countries are accepted for this remote job?