Senior Application Security Engineer
We’re looking for a Senior Application Security Engineer ready to play a key role in our growing security team. In this role, you will work closely with our entire security team and get exposed to all areas within the offensive and defensive security domains.
We’re looking for an individual who’s a subject matter expert within the application security domain. In this role, you will work closely with product engineering teams to define application security standards, perform red team operations across multiple departments and teams, code reviews, support vulnerability triage, provide secure development education and participate in secure design reviews across our platform and product.
Our clients entrust FloQast with their financial data and as such it is our mission to deliver features that provide resilience, confidence and trust in our platform. We believe in scaling security through software engineering best practices and automation. You'll play a fundamental role in shaping the future of security at FloQast and your work will have significant impact and visibility.
FloQast is headquartered in Los Angeles, CA and we are seeking US Based REMOTE Engineers.
Visa sponsorship is NOT available at this time.
What you’ll do…
- Participate in architecture design reviews with senior engineering and product management staff to incorporate effective threat modeling and security standards into product design.
- Educate and train product engineering teams on security concepts and skills, extending AppSec's reach by deputizing product teams to help themselves.
- Evaluate and instrument automation and tooling to ensure a security regression within any component of our platform does not occur.
- Expand our security detection and prevention capabilities throughout the FloQast platform.
- Conduct red team operations against FloQast customer-facing products, platform, internal environments and teams.
- Develop security standards, preferred implementation patterns, secure common frameworks, developer documentation and educational materials.
- Explain and demonstrate vulnerabilities to application/system owners, and provide recommendations for mitigation.
- Advise senior management on perceived risks and work to determine an acceptable risk appetite while weighing overall business and usability impact.
- Stay abreast of new and emerging security technologies and paradigms.
- Any other projects as assigned to help the Company meet its goals.
We’re looking for someone with...
- 5+ years of experience with auditing web applications.
- 3+ years using at least one high level programming language e.g. Node.js, Python, Go, Java, Ruby.
- Experience utilizing web application security scanning software and penetration testing tools e.g. Burp Suite, ZAP, Nessus, Qualys, Metasploit, CANVAS, Nuclei, Cobalt Strike.
- Experience and desire conducting security training for developers and the security team.
- Experience performing threat modeling and secure design review in order to assess the security implications and requirements of new systems and technologies.
- Experience building or working with distributed multi-tier web server-client architectures.
- Experience with cloud environments AWS or Azure.
- Strong foundational understanding of network and application fundamentals and best practices; e.g. HTTP, DNS, VPN, SAML, OAuth, OpenID etc.
- Strong understanding of OWASP Top 10 vulnerabilities in web applications, including XSS, SSRF, IDOR, RCE, CSRF vulnerabilities.
- Working knowledge of the Microsoft Security Development Lifecycle (SDL), OWASP Software Assurance Maturity Model (SAMM), or Building Security in Maturity Model (BSIMM)
- Experience implementing security practices in automated CI/CD pipelines for application code, infrastructure, and/or serverless is a plus.
- Strong sense of ownership, urgency and drive.
- Strong ability to lead cross-team initiatives and communicate proposals and ideas concisely.
Nice to have attributes…
- Strong experience with AWS and/or Azure.
- Strong experience with Node.js, Python, React.
- Experience securing multi-tenant enterprise SaaS products.
- Knowledge of common compliance frameworks e.g. SOC, SOX, PCI and ISO standards.
- Security certifications e.g. CISSP, OSCP, OWSP
#BI-Remote
#LI-TZ1
#LI-Remote
This job posting is for our Senior Application Security Engineer role, the base pay range for this position is $175,500 - $241,500. Compensation is not limited to base salary. FloQast values our Total Rewards, and offers a competitive and elaborate Benefits Package including, but not limited to, Medical, Dental, Vision, Family Forming benefits, Life & Disability Insurance, Unlimited Vacation, and participation in our Employee Stock Program. FloQast reserves the right to amend, change, alter, and revise pay ranges and benefits offerings at any time. All applicants acknowledge that by applying to this position you understand that this specific pay range is contingent upon meeting the qualifications and requirements of the role, and for the successful completion of the interview selection and process. It is at the Company's discretion to determine what pay is provided to a candidate within the range associated with the role.
About FloQast www.floqast.com
FloQast is the leader in accounting workflow automation created by accountants for accountants. By automating and modernizing everyday accounting workflows, FloQast enables accountants to work better together and perform their tasks with greater efficiency and accuracy. The cloud-based, AI-enhanced software is trusted by more than 2,500 accounting teams, including those at Snowflake, Kodiak, Instacart, Zoom, and The Golden State Warriors - and still growing! We aspire to forever elevate accounting and improve both the practice and perceptions of the profession.
Our values serve as a compass that guides our decisions and are considered non-negotiable, especially when it comes to hiring. Together with our employees, partners, and customers, we live these values every day.
Unwaveringly Authentic
Ambitious with Integrity
Empowered to Grow
Committed to Collaboration
Customer Obsessed in All Ways
Here’s Why You Should Apply:
Amazing Benefits - FloQast pays 100% of the premium for employees and families for most Medical, Dental, & Vision plans.
Competitive Compensation & Stock Options
FloQast is regularly rated as a Best Place to Work!
- Inc. Magazine’s Best Workplaces in 2023, 2022, and 2021
- Best Places to Work by LA Business Journal since 2017 (that’s 6 years!)
- Built In’s Best Place to Work in Los Angeles 4 years in a row!
Professional Growth & Community - We believe community extends through and beyond the office. We have Employee Resource Groups, community volunteer opportunities, social events, DEI initiatives, and reimbursements for professional development relevant to your role.
Work-Life Balance - We have unlimited PTO along with a generous parental leave policy. To top it off, we have Mental Health Days, where the company closes to allow employees to unplug, relax, and recharge (we know Zoom fatigue is a real thing!)
Employee Choice Policy - Employees can work from home and also have the option to work in a FloQast office or maintain a hybrid work schedule.
Our customers love us! See for yourself on G2 Crowd.
FloQast, Inc is committed to operating fair and unbiased recruitment procedures allowing all applicants an equal opportunity for employment, free from discrimination on the basis of religion, race, sex, age, sexual orientation, disability, color, ethnic or national origin, or any other classification as may be protected by applicable law. We aim to recruit the right people for the jobs we have to offer, and to assess applications on the basis of relevant skills, education, and experience. We welcome people of different backgrounds, experiences, abilities, and perspectives. We are an equal opportunity employer and strive to provide a professional and welcoming workplace for all employees.