Software Security Engineer
We’re looking for a Software Security Engineer who wants to make an immediate impact in designing systems and processes that enable our Engineering teams to deliver our product safely and securely. Our clients entrust FloQast with their financial data, and as such it is our mission to deliver features that provide resiliency, confidence and trust in our platform. The security team designs and builds FloQast's security architecture, and our work takes place at all levels of the stack, from web application security to infrastructure security as well as IT. We believe in scaling security through software engineering best practices and automation. You'll play a fundamental role in shaping the future of security at FloQast, and your work will have significant impact and visibility.
**Open to on-site applicants who are authorized to work in the US; no remote developers or visa sponsorships are available at this time.**
What you'll do...
- Build applications, libraries and frameworks to enable security by default in the Secure Software Development Life Cycle. Instrument the detection of security vulnerabilities at scale and determine the efficacy of automated scanning tooling within FloQast’s environment.
- Assess the platform’s threat surface, developing systems to facilitate detection, investigation and remediation of security events or misuse.
- Provide security guidance to product engineering teams to ensure rapid triage of vulnerabilities.
- Develop and conduct developer security training including but not limited to OWASP Top 10 and STRIDE threat modeling.
- Perform and advocate for secure design, threat modeling and code review of new features, integrations, applications and services.
- Advise and mentor engineering and product teams to ensure all new technologies are robust and adhere to security standards.
We're looking for someone with...
- 3+ years using at least one high-level programming language, e.g. Node.js, Python, Go, Java, Ruby.
- 3+ years building or working with distributed multi-tier web server-client architectures.
- Strong foundational understanding of network and application fundamentals and best practices, e.g. HTTP/S, DNS, VPN, Load Balancing, SAML, OAuth, OpenID etc.
- Strong understanding of common vulnerabilities in web applications including XSS, SSRF, IDOR, RCE, CSRF vulnerabilities.
- Strong understanding of AWS offerings (e.g. VPC, ELB/ALB, ECS, EC2, SQS, SNS, Lambda, etc.) or equivalent cloud infrastructure provider offerings.
- Experience performing secure design review, threat modeling and code review in order to assess the security implications and requirements of new systems and technologies.
- Experience using penetration tools preferred, e.g. Burp Suite, ZAP, Metasploit, NMAP, CANVAS, Cobalt Strike, Empire etc.
- Strong sense of ownership, urgency and drive.
- Ability to lead cross-team initiatives and communicate proposals and ideas concisely.
Nice to have attributes…
- Experience securing multi-tenant enterprise SaaS products.
- Knowledge of common compliance frameworks a plus, e.g. SOC, SOX, PCI and ISO standards.
- Security certifications, e.g. CISSP, AWS Certified Solutions Architect, AWS Certified Specialty.

FloQast is a fast-growing, Los Angeles-based, early-stage company redefining how a critical business process (financial close) is performed. Our growth and success are fueled by a passion to define and dominate the Close Management Software market. We are the first company of our kind to focus specifically on the mid-market. Our prospects have been hungry for a solution like FloQast for years and the response to our solution has been overwhelmingly positive.
- FloQast offers competitive compensation, stock options, full benefits, and a positive and supportive work environment
- We are fanatics about the success of our customers. Check us out on G2 Crowd
- We are equally fanatic about creating and maintaining a fabulous culture of support and success for all employees. Check out what people are saying on Glassdoor
- We are moving quickly and there is huge upside opportunity in terms of career growth
FloQast, Inc is committed to operating fair and unbiased recruitment procedures allowing all applicants an equal opportunity for employment, free from discrimination on the basis of religion, race, sex, age, sexual orientation, disability, color, ethnic or national origin, or any other classification as may be protected by applicable law. We aim to recruit the right people for the jobs we have to offer, and to assess applications on the basis of relevant skills, education, and experience. We welcome people of different backgrounds, experiences, abilities and perspectives. We are an equal opportunity employer and strive to provide a professional and welcoming workplace for all employees.