Application Security Engineer

Job Description:

We’re looking for an Application Security Engineer ready to play a ground floor role in developing application security tooling and processes within all phases of the Software Development Life Cycle (SDLC).  In this role, you will work closely with product engineering teams to define application security standards, conduct penetration testing using best practice security tooling, support vulnerability triage, provide secure development education and participate in secure design reviews across our platform and product. Our clients entrust FloQast with their financial data and as such it is our mission to deliver features that provide resilience, confidence and trust in our platform. We believe in scaling security through software engineering best practices and automation.  You'll play a fundamental role in shaping the future of security at FloQast and your work will have significant impact and visibility.

**On-site applicants who are authorized to work in the US, no remote developers or Visa sponsorships are available at this time

What you’ll do…

  • Participate in threat modeling exercises, assisting product, infrastructure and data engineering teams in steering toward secure solutions while prioritizing efforts based on risk mitigation impact.
  • Educate and train product engineering teams on security concepts and skills, extending AppSec's reach by deputizing product teams to help themselves.
  • Conduct penetration tests against FloQast customer-facing products, platform and internal environments.
  • Integrate security tooling into the SDLC in order to build a feedback loop of high quality findings to inform development and security teams of emerging security issues.
  • Develop security standards, preferred implementation patterns, secure common frameworks, developer documentation and educational materials.
  • Explain and demonstrate vulnerabilities to application/system owners, and provide recommendations for mitigation.
  • Stay abreast of new and emerging security technologies and paradigms.
  • Any other projects as assigned to help the Company meet its goals
  • We’re looking for someone with...

  • 3+ years of experience in a web or mobile application security role.
  • 3+ years using at least one high level programming language e.g. Node.js, Python, Go, Java, Ruby.
  • Strong experience utilizing web application security scanning software and penetration testing tools e.g. Burp Suite, ZAP, Nessus, Qualys, Metasploit, CANVAS, Cobalt Strike, CVE remediation tooling, etc.
  • Experience conducting secure code development training.
  • Experience performing threat modeling and secure design review in order to assess the security implications and requirements of new systems and technologies.
  • XSS, XXE, SQLi, and obscure business logic bugs come second nature to you.
  • Experience building or working with distributed multi-tier web server-client architectures.
  • Experience with cloud environments AWS, GCP, or Azure.
  • Foundational understanding of network and application fundamentals and best practices e.g. HTTP/S, DNS, VPN, Load Balancing, SAML, OAuth, OpenID etc.
  • Strong sense of ownership, urgency and drive.
  • Strong ability to lead cross-team initiatives and communicate proposals and ideas concisely.
  • Nice to have attributes…

  • Experience securing multi-tenant enterprise SaaS products.
  • Knowledge of common compliance frameworks a plus e.g. SOC, SOX, PCI and ISO standards.
  • Security Certifications e.g. CISSP, AWS Certified Solutions Architect, AWS Certified Speciality.
  • About FloQast    www.floqast.com

    FloQast is a fast-growing, Los Angeles-based, growth-stage company redefining how a critical business process (financial close) is performed.  Our growth and success are fueled by a passion to define and dominate the close management software market. We are the first company of our kind to focus specifically on the mid-market. Our prospects have been hungry for a solution like FloQast and the response has made FloQast among the fastest growing FinTech companies with now more than 750 customers, including Lyft, Zoom, Twilio and the Golden State Warriors.

    - We are fanatics about the success of our customers.  Check us out on G2 Crowd 

    - We are equally fanatic about creating and maintaining a fabulous culture of support and success for all employees.  

    - We are moving quickly and there is a huge upside opportunity in terms of career growth

    - FloQast offers competitive compensation, stock options, full benefits, and a positive and supportive work environment   

    - Named among Best Places to Work by LA Business Journal in 2017, 2018 and 2019

    - Ranked #10 on The SaaS 1000  

    FloQast, Inc is committed to operating fair and unbiased recruitment procedures allowing all applicants an equal opportunity for employment, free from discrimination on the basis of religion, race, sex, age, sexual orientation, disability, color, ethnic or national origin, or any other classification as may be protected by applicable law. We aim to recruit the right people for the jobs we have to offer, and to assess applications on the basis of relevant skills, education, and experience. We welcome people of different backgrounds, experiences, abilities and perspectives. We are an equal opportunity employer and strive to provide a professional and welcoming workplace for all employees.