Application Security Engineer

Posted Feb 9

Personal development and becoming the best you is all about growth and exploring new skills and opportunities – both in and out of the office. At Accruent, we call this Grow Without Limits, and we’re proud to offer each of our employees the resources, coaching and support necessary to achieve Growth Without Limits in their personal and professional lives. Explore where the path takes you. 

Why you want to work for our Security team:

The Application Security Engineer will be core team member owning application security consultation across the entire security program which encompasses three Operating Companies under the Facility and Asset Lifecycle (FAL) portfolio at Fortive. These three operating companies are Accruent, Gordian, and ServiceChannel. The Application Security Engineer will work with the Application Security Manager to drive security programs around secure product development, secure application development and be responsible for the security of any internal or external solutions or products. They will be highly embedded as a partner to the engineering and technology organizations at all three operating companies driving security review, awareness, training, and security risk management activities with team members!

The Application Security Engineer will also strategically be looking to standardize on secure product and secure application processes, tools, and developing governance and policy in collaboration with the Application Security Manager. They will be responsible for developing security metrics, performance indicators, ensuring partner awareness of the above, and driving continuous improvement activities, ad hoc kaizen activity, and deepening leadership awareness of product and application security risks. They will work closely across the three operating companies with engineering leadership and developers on all of the above.

The position will be an individual contributor position reporting directly to the Application Security Manager of Fortive’s FAL Group and will be a 100% remote work opportunity.

How you'll make a difference:

  • Assure all new products and services are designed in alignment with security standard processes, while assessing and driving security enhancements across existing solutions.
  • Own the code vulnerability mitigation approval process working closely with developers and engineering leaders consulting on remediation efforts as aligned with the Application Security Manager.
  • Be the security team’s point of contact to the engineering organizations to vet security architectural changes, code design modifications, secure code, and release reviews.
  • Run tactical vulnerability intake meetings as needed with developers and engineering leaders.
  • Be a leader with vision in every aspect of the application and product security program deepening relationships of trust with engineering, technology, and product team members to ensure the success of the application security program.
  • Establish repeatable metrics to show the health of the application security program and establish security standard processes where gaps exist and partner with peers on the security team alongside the business to close those gaps.
  • Be an authority across all topics pertaining to the application security program being able to provide guidance and consultation on any related topic with any team member regarding raised security risks, technical implementations, or moving security earlier in collaborator processes and projects.
  • Understand Fortive’s security program goals clearly and ensure that Operating Company security approach is aligned with Fortive’s security program and work with Fortive security if any discrepancies or prioritization misalignments exist.
  • Provide Fortive security with vital feedback about FAL OpCo security concerns and ensure that the Fortive security program aligns with the security needs and prioritization of the FAL operating companies.
  • Be the point of escalation for product and application security alerts working alongside peers on the security team to triage alerts and owning the accountability for action against those alerts.
  • Be able to assess vulnerabilities and product related security incidents with upstream and downstream security controls in mind and properly prioritize remediation efforts.
  • Ensure security testing and validation efforts for all client-facing products and services
  • Be a champion for risk based thought, culture, and drive the maturation of the product and application security risk management posture across the organization.
  • Stay up to date with innovative and creative approaches to product and application security particularly with solutions which have material effects on SaaS and Data companies.

What you bring to the table:

  • 5+ years as a software developer in a SaaS company with a focus in secure development with demonstrated success in Enterprise, SaaS, and/or Software products.
  • BS degree or equivalent experience in Computer Science, Engineering, Mathematics
  • Demonstrable experience in application security as a developer both in implementing code and in reviewing code for secure practices and remediating security vulnerabilities.
  • Proven development background using Java and/or .NET.
  • Strong knowledge of secure development practices, code signing, and threat modeling.
  • Solid understanding of OWASP Top Ten, OWASP ASVS, OWASP LLM, OWASP SAMM, and OWASP Mobile Application Security concepts.
  • Demonstrable understanding of SAST, DAST, Software Composition Analysis (SCA).
  • Solid background in standard methodologies for SaaS and Data companies around application and product security. and familiarity with CI/CD industry standard processes.
  • Familiar with generation of Software Bill of Materials (SBOM).
  • Familiar with Application security tools such as Veracode, Fortify, Burpsuite, Synk, Sonarqube, or similar tools and operational experience using the above.
  • Familiarity with common security libraries, security controls, and common security flaws.
  • Experience with application penetration test engagements with external providers and developing rules of engagement aligned with test requirements.
  • Superb communication skills, with the ability to lead meetings and work effectively with diverse teams.
  • Strong problem-solving skills, with the ability to address security vulnerabilities and identify effective solutions while bringing knowledge of current security threats, trends, and mitigation strategies.
  • Relevant certifications in security (e.g., CISSP, CSSLP, GWAPT) are a plus.
  • Ability to influence and achieve results via accountability and negotiation and creative problem solving.

Please Note:

  • This job does may require up to 5% travel domestically. 
  • This is a full-time, exempt opportunity. 
  • Relocation will not be considered for this position. 
  • At this time, visa sponsorship is not available. 

The salary range for this position is $79,700 - $147,900. This position is also eligible for a bonus as part of the compensation package.

Base pay offered may vary depending on various factors, including, but not limited to: job-related knowledge; skills; experience; and other eligibility factors such as geographic location. The Total Rewards package includes competitive base pay and an opportunity to enroll in a variety of benefit programs, generally including health insurance, flexible spending accounts, health savings accounts, retirement savings plans, life and disability insurance programs, and several programs that provide for both paid and unpaid time away from work.

ABOUT ACCRUENT

At Accruent (a subsidiary or affiliate of Fortive Corporation), we strive to be on the cutting edge of the software world, providing purpose-built intelligent solutions that raise customer expectations, shift paradigms and transform the way businesses operate and achieve success.

We aim to provide the same transformational growth for our 1,000+ employees which includes a vibrant office culture in major cities like Austin and Amsterdam – and 10,000 customers in more than 150 countries – we know you’ll gain new experiences along the way. In our continued effort to help our teams Grow Without Limits, we provide all employees with the resources, coaching and support they need to reach new heights and experience true professional and personal development – and we do this because we believe it will help us grow as a global company in return.

Every person can bring something incredible to the table, and we can always achieve more together. So, if you are courageous, adaptable, collaborative and interested in becoming the best you, we encourage you to join us for the ride – even if you don’t believe you have the exact experience to fill a particular role.

Explore the path. Join Accruent.

ABOUT FORTIVE

Fortive’s essential technology makes the world stronger, safer, and smarter. We accelerate transformation across a broad range of applications including environmental, health and safety compliance, industrial condition monitoring, next-generation product design, and healthcare safety solutions.

We are a global industrial technology innovator with a startup spirit. Our forward-looking companies lead the way in software-powered workflow solutions, data-driven intelligence, AI-powered automation, and other disruptive technologies. We’re a force for progress, working alongside our customers and partners to solve challenges on a global scale, from workplace safety in the most demanding conditions to groundbreaking sustainability solutions.

We are a diverse team 17,000 strong, united by a dynamic, inclusive culture and energized by limitless learning and growth. We use the proven Fortive Business System (FBS) to accelerate our positive impact.

At Fortive, we believe in you. We believe in your potential—your ability to learn, grow, and make a difference. At Fortive, we believe in us. We believe in the power of people working together to solve problems no one could solve alone. At Fortive, we believe in growth. We’re honest about what’s working and what isn’t, and we never stop improving and innovating.

Fortive: For you, for us, for growth.

Fortive Corporation and all Fortive Companies are proud to be equal opportunity employers. We value and encourage diversity and solicit applications from all qualified applicants without regard to race, color, national origin, religion, sex, age, marital status, disability, veteran status, sexual orientation, gender identity or expression, or other characteristics protected by law. Fortive and all Fortive Companies are also committed to providing reasonable accommodations for applicants with disabilities. Individuals who need a reasonable accommodation because of a disability for any part of the employment process should ask to speak with a Human Resources representative to request an accommodation.