Application Security Architect at FloQast
We’re looking for an Application Security Architect ready to play a ground floor role in developing application security tooling and processes within all phases of the Software Development Life Cycle (SDLC). In this role, you will work closely with product engineering teams to define application security standards, instrument security testing, support vulnerability triage, participate in identification of risk across our platform and will advocate for security in all aspects of our product. Our clients entrust FloQast with their financial data and as such it is our mission to deliver features that provide resilience, confidence and trust in our platform. We believe in scaling security through software engineering best practices and automation. You'll play a fundamental role in shaping the future of security at FloQast and your work will have significant impact and visibility.
What you’ll do…
- Participate in architecture design reviews with senior engineering and product management staff to incorporate effective threat modeling and security standards into product design.
- Educate team members on application security coding standards and best practices, and work to establish a regular training program.
- Develop processes and automation for security reviews and testing activities including those within the CI/CD pipelines, and evaluate application security tools to improve our detection and prevention capabilities.
- Explain and demonstrate vulnerabilities to application/system owners, and provide recommendations for mitigation.
- Build process by which discovered vulnerabilities can be quickly triaged, tracked and remediated by product engineering teams.
- Work with product owners to inform and prioritize product security engineering roadmaps and facilitate secure development of in-product functionality that allows product teams independent access to sensitive data sets in a secure and compliant manner.
- Participate in strategic activities to evangelize security objectives and ensure their appropriate consideration in product and operational planning across all teams.
- Advise senior management on perceived risks and work to determine an acceptable risk appetite while weighing overall business and usability impact.
- Advise and communicate security priorities, controls, technologies and pertinent policies to all relevant stakeholders and team leads.
- Stay current with new and emerging security technologies and paradigms. Makes recommendations for their use based on business value.
We’re looking for someone with...
- 6+ years of experience in web or mobile application security role.
- 5+ years building or working with distributed multi-tier web server-client architectures.
- Working knowledge of the Microsoft Security Development Lifecycle (SDL), OWASP Software Assurance Maturity Model (SAMM), or Building Security in Maturity Model (BSIMM).
- Experience conducting secure code development training.
- Experience implementing security practices in automated CI/CD pipelines for application code, infrastructure, and/or serverless is a plus.
- Experience performing secure design review and threat modeling in order to assess the security implications and requirements of new systems and technologies.
- Strong foundational understanding of network and application fundamentals and best practices e.g. HTTP/S, DNS, VPN, Load Balancing, SAML, OAuth, OpenID etc.
- Strong understanding of OWASP Top 10 vulnerabilities in web applications including XSS, SSRF, IDOR, RCE, CSRF vulnerabilities.
- Strong understanding of AWS offerings (e.g. VPC, ELB/ALB, ECS, EC2, SQS, SNS, Lambda, etc.) or equivalent cloud infrastructure provider offerings.
- Experience utilizing web application security scanning software and penetration testing tools e.g. Burp Suite, ZAP, Metasploit, NMAP, CANVAS, Cobalt Strike, Empire etc.
- Strong sense of ownership, urgency and drive.
- Strong ability to lead cross-team initiatives and communicate proposals and ideas concisely.
Nice to have attributes…
- Experience securing multi-tenant enterprise SaaS products.
- Knowledge of common compliance frameworks a plus e.g. SOC, SOX, PCI and ISO standards.
- Security Certifications e.g. CISSP, CISM, CEH, AWS Certified Solutions Architect, AWS Certified Speciality.
About FloQast www.floqast.com
FloQast is a fast-growing, Los Angeles-based, growth-stage company redefining how a critical business process (financial close) is performed. Our growth and success are fueled by a passion to define and dominate the close management software market. We are the first company of our kind to focus specifically on the mid-market. Our prospects have been hungry for a solution like FloQast and the response has made FloQast among the fastest growing FinTech companies with now more than 750 customers, including Lyft, Zoom, Twilio and the Golden State Warriors.
- We are fanatics about the success of our customers. Check us out on G2 Crowd
- We are equally fanatic about creating and maintaining a fabulous culture of support and success for all employees.
- We are moving quickly and there is a huge upside opportunity in terms of career growth
- FloQast offers competitive compensation, stock options, full benefits, and a positive and supportive work environment
- Named among Best Places to Work by LA Business Journal in 2017, 2018 and 2019
- Ranked #10 on The SaaS 1000
FloQast, Inc is committed to operating fair and unbiased recruitment procedures allowing all applicants an equal opportunity for employment, free from discrimination on the basis of religion, race, sex, age, sexual orientation, disability, color, ethnic or national origin, or any other classification as may be protected by applicable law. We aim to recruit the right people for the jobs we have to offer, and to assess applications on the basis of relevant skills, education, and experience. We welcome people of different backgrounds, experiences, abilities and perspectives. We are an equal opportunity employer and strive to provide a professional and welcoming workplace for all employees.