Senior Application Security Engineer
M&T BankSalary not specified
Full Time
Senior (5 to 8 years), Expert & Leadership (9+ years)
Not SpecifiedCompensation
Senior (5 to 8 years), Expert & Leadership (9+ years)Experience Level
Full TimeJob Type
UnknownVisa
Sales Performance Management, SaaSIndustries
Requirements
Candidates should have 7+ years of experience in a security engineer or related role, with at least 4 years specializing in web application, API, and product security. Deep expertise in securing multi-tenant SaaS platforms and features is required, along with strong communication skills and the ability to influence software engineers and product managers. Advanced experience in penetration testing, code reviews, and vulnerability assessments is necessary, as is expert knowledge of OWASP Top 10, web application and API security, and common vulnerability classes with practical remediation strategies. Hands-on experience with AppSec tooling (SAST, DAST, SCA) integrated into CI/CD pipelines, strong programming and scripting skills (Python preferred), and the ability to influence secure coding practices are essential. Proven ability to lead incident response for application-layer security events, familiarity with compliance frameworks (SOC 2, ISO 27001), secure SDLC practices, and knowledge of privacy-by-design principles and data security in SaaS environments are also required. Awareness of emerging AI/ML security risks is a plus.
Responsibilities
The Senior Security Engineer will own the AppSec strategy, driving threat modeling and secure architecture design, and performing offensive security testing. Responsibilities include leading manual and automated penetration testing, managing AppSec tooling (SAST, DAST, SCA), and building developer enablement programs. The role also involves vulnerability management, leading incident response for application-layer events, ensuring compliance alignment for SOC 2, ISO 27001, and privacy requirements, and contributing to customer security assessments and documentation.
Skills
Application Security
Product Security
Threat Modeling
Secure Architecture Design
Offensive Security Testing
Penetration Testing
SAST
DAST
SCA
Vulnerability Management
Incident Response
SOC 2
ISO 27001
Privacy Requirements
Web Applications
APIs
CaptivateIQ
Sales commission automation and tracking platform
About CaptivateIQ
CaptivateIQ provides a sales commission solution that automates and simplifies the commission calculation process for sales teams. The platform integrates various data sources, allowing for real-time commission calculations and reducing the need for manual data entry. Its interface is designed to be user-friendly, resembling tools like Excel or Google Sheets, which makes it accessible to users without coding skills. What sets CaptivateIQ apart from its competitors is its ability to offer customizable reports and commission plans, ensuring that all team members are aligned and motivated. The goal of CaptivateIQ is to help sales-driven organizations optimize their incentive structures and enhance operational efficiency.
San Francisco, CaliforniaHeadquarters
2017Year Founded
$154.7MTotal Funding
SERIES_CCompany Stage
Fintech, Financial ServicesIndustries
201-500Employees
Benefits
Health Insurance
Paid Vacation
401(k) Company Match
Flexible Work Hours
Home Office Stipend
Professional Development Budget
Risks
Emerging fintech startups pose a competitive threat to CaptivateIQ's market share.
Continuous innovation in AI and machine learning may strain CaptivateIQ's resources.
Integration challenges with new features like SmartGrid could disrupt existing client systems.
Differentiation
CaptivateIQ offers a no-code platform for commission management, accessible to non-technical users.
The company provides real-time commission calculations, enhancing speed and accuracy for enterprises.
CaptivateIQ's customizable reports and plans align with personalized employee incentive structures.
Upsides
The rise of no-code platforms supports CaptivateIQ's user-friendly commission management approach.
CaptivateIQ's cloud-based platform benefits from the trend towards remote work solutions.
The subscription-based model offers predictable revenue streams, aligning with industry trends.
Related Jobs
RemoteRemoteSecurity Engineer, Product Security
Chainlink LabsSalary not specified
- Full Time
- Mid-level (3 to 4 years), Senior (5 to 8 years)
RemoteSoftware Architect - Privileged Access Management
SaviyntSalary not specified
- Full Time
- Senior (5 to 8 years)
RemoteSenior Engineer, App Security
HealthieSalary not specified
- Full Time
- Senior (5 to 8 years), Expert & Leadership (9+ years)
RemoteSenior Software Security Engineer
Muon SpaceSalary not specified
- Full Time
- Senior (5 to 8 years)
RemoteSenior Software Engineer, Mobile - iOS
Included Health$138,380 - $254,111/year
- Full Time
- Senior (5 to 8 years)
RemoteSr. Engineer, Product Abuse - Product Security (Remote)
CrowdstrikeSalary not specified
- Full Time
- Senior (5 to 8 years), Expert & Leadership (9+ years)
RemoteSenior Offensive Security Consultant
SpecterOps$145,000 - $170,000/year
- Full Time
- Senior (5 to 8 years), Expert & Leadership (9+ years)
RemoteApplication Security Engineer (Senior level)
KustomerSalary not specified
- Full Time
- Senior (5 to 8 years)
RemoteGroup Product Manager, Financial Services and Compliance
ZoomSalary not specified
- Full Time
- Expert & Leadership (9+ years)
RemoteSenior Security Engineer, Application Security
Trail of BitsSalary not specified
- Full Time
- Senior (5 to 8 years)
RemoteSecurity Architect
EarnestSalary not specified
- Full Time
- Expert & Leadership (9+ years)