CaptivateIQ

Senior Security Engineer - Application & Product Security

Canada

Compensation: Not Specified
Experience Level: Senior (5 to 8 years), Expert & Leadership (9+ years)
Job Type: Full Time
Visa: Unknown
Industries: Sales Performance Management, SaaS

Requirements

Candidates should have 7+ years of experience in a security engineer or related role, with at least 4 years specializing in web application, API, and product security. Deep expertise in securing multi-tenant SaaS platforms and features is required, along with strong communication skills and the ability to influence software engineers and product managers. Advanced experience in penetration testing, code reviews, and vulnerability assessments is necessary, as is expert knowledge of OWASP Top 10, web application and API security, and common vulnerability classes with practical remediation strategies. Hands-on experience with AppSec tooling (SAST, DAST, SCA) integrated into CI/CD pipelines, strong programming and scripting skills (Python preferred), and the ability to influence secure coding practices are essential. Proven ability to lead incident response for application-layer security events, familiarity with compliance frameworks (SOC 2, ISO 27001), secure SDLC practices, and knowledge of privacy-by-design principles and data security in SaaS environments are also required. Awareness of emerging AI/ML security risks is a plus.

Responsibilities

The Senior Security Engineer will own the AppSec strategy, driving threat modeling and secure architecture design, and performing offensive security testing. Responsibilities include leading manual and automated penetration testing, managing AppSec tooling (SAST, DAST, SCA), and building developer enablement programs. The role also involves vulnerability management, leading incident response for application-layer events, ensuring compliance alignment for SOC 2, ISO 27001, and privacy requirements, and contributing to customer security assessments and documentation.

Skills

Application Security
Product Security
Threat Modeling
Secure Architecture Design
Offensive Security Testing
Penetration Testing
SAST
DAST
SCA
Vulnerability Management
Incident Response
SOC 2
ISO 27001
Privacy Requirements
Web Applications
APIs

CaptivateIQ

Sales commission automation and tracking platform

About CaptivateIQ

CaptivateIQ provides a sales commission solution that automates and simplifies the commission calculation process for sales teams. The platform integrates various data sources, allowing for real-time commission calculations and reducing the need for manual data entry. Its interface is designed to be user-friendly, resembling tools like Excel or Google Sheets, which makes it accessible to users without coding skills. What sets CaptivateIQ apart from its competitors is its ability to offer customizable reports and commission plans, ensuring that all team members are aligned and motivated. The goal of CaptivateIQ is to help sales-driven organizations optimize their incentive structures and enhance operational efficiency.

Headquarters: San Francisco, California
Year Founded: 2017
Total Funding: $154.7M
Company Stage: Series C
Industries: Fintech, Financial Services
Employees: 201-500

Benefits

Health Insurance
Paid Vacation
401(k) Company Match
Flexible Work Hours
Home Office Stipend
Professional Development Budget

Risks

Emerging fintech startups pose a competitive threat to CaptivateIQ's market share.
Continuous innovation in AI and machine learning may strain CaptivateIQ's resources.
Integration challenges with new features like SmartGrid could disrupt existing client systems.

Differentiation

CaptivateIQ offers a no-code platform for commission management, accessible to non-technical users.
The company provides real-time commission calculations, enhancing speed and accuracy for enterprises.
CaptivateIQ's customizable reports and plans align with personalized employee incentive structures.

Upsides

The rise of no-code platforms supports CaptivateIQ's user-friendly commission management approach.
CaptivateIQ's cloud-based platform benefits from the trend towards remote work solutions.
The subscription-based model offers predictable revenue streams, aligning with industry trends.
