Senior Application Security Engineer
M&T Bank
Full Time
Senior (5 to 8 years), Expert & Leadership (9+ years)
Candidates should have 7+ years of experience in a security engineer or related role, with at least 4 years specializing in web application, API, and product security. Deep expertise in securing multi-tenant SaaS platforms and features is required, along with strong communication skills and the ability to influence software engineers and product managers. Advanced experience in penetration testing, code reviews, and vulnerability assessments is necessary, as is expert knowledge of OWASP Top 10, web application and API security, and common vulnerability classes with practical remediation strategies. Hands-on experience with AppSec tooling (SAST, DAST, SCA) integrated into CI/CD pipelines, strong programming and scripting skills (Python preferred), and the ability to influence secure coding practices are essential. Proven ability to lead incident response for application-layer security events, familiarity with compliance frameworks (SOC 2, ISO 27001), secure SDLC practices, and knowledge of privacy-by-design principles and data security in SaaS environments are also required. Awareness of emerging AI/ML security risks is a plus.
The Senior Security Engineer will own the AppSec strategy, driving threat modeling and secure architecture design, and performing offensive security testing. Responsibilities include leading manual and automated penetration testing, managing AppSec tooling (SAST, DAST, SCA), and building developer enablement programs. The role also involves vulnerability management, leading incident response for application-layer events, ensuring compliance alignment for SOC 2, ISO 27001, and privacy requirements, and contributing to customer security assessments and documentation.
Sales commission automation and tracking platform
CaptivateIQ provides a sales commission solution that automates and simplifies the commission calculation process for sales teams. The platform integrates various data sources, allowing for real-time commission calculations and reducing the need for manual data entry. Its interface is designed to be user-friendly, resembling tools like Excel or Google Sheets, which makes it accessible to users without coding skills. What sets CaptivateIQ apart from its competitors is its ability to offer customizable reports and commission plans, ensuring that all team members are aligned and motivated. The goal of CaptivateIQ is to help sales-driven organizations optimize their incentive structures and enhance operational efficiency.