AvidXchange

Senior Application Security Engineer

AvidXchange$100K — $130K *
Charlotte, NC 28269In-Person
Information Technology
5 - 7 years of experience
Today
Be an Early Applicant
Job Overview by Ladders

Qualifications

  • 5+ years of experience in information security within a SaaS environment focused on application security.
  • Familiarity with application security tools like Burp Suite and OWASP ZAP.
  • Understanding of security protocols and CI/CD processes, including DevSecOps practices.
  • Proficiency in programming languages such as .Net, JavaScript, TypeScript, Java, and Python.
  • Experience with AI tooling and capabilities relevant to information security.
  • Certifications like CPSA, CRT, or CISSP are a plus but not mandatory.
  • Knowledge of infrastructure as code tools and serverless architecture.

Responsibilities

  • Collaborate with technology teams to identify and address security vulnerabilities.
  • Provide security best practice guidance to product and technology teams.
  • Develop an understanding of application risk profiles and influence decisions.
  • Conduct security analysis, penetration testing, and reverse engineering of applications.
  • Create training content based on security findings and areas for improvement.
  • Analyze incidents and drive improvements in application security practices.
  • Lead threat modeling and risk assessment initiatives across product lines.

Benefits

  • Opportunities for professional development and training.
  • Flexible work environment with a focus on work-life balance.
  • Collaborative and innovative company culture.
  • Chance to work with cutting-edge security tools and technologies.
Full Job Description
Overview:

As an Application Engineer you will play a crucial role in ensuring the security and integrity of our applications, systems, and data. In the role you will be responsible for identifying and driving remediations of vulnerabilities and threats across our product portfolio.

What you'll do:
  • Cross-functionally collaborate with technology teams to identify and remediate security issues.
  • Provide guidance to product and technology teams on security best practices.
  • Using a variety of tools and experience, develop an understanding of application risk profile, build relationships, and influence decisions to continuously maintain cybersecurity resilience.
  • Will utilize software architecture security analysis, web application penetration testing, and application reverse engineering.
  • Develop training based on experience and discovery targeting identified areas of opportunity.
  • Understand root causes, identify data and patterns associated with potential weaknesses, and drive improvements across all levels of leadership.
  • Assist in investigating, analyzing, and responding to security incidents related to applications, ensuring timely resolution and documentation of incidents.
  • Lead threat modeling and risk discovery efforts across multiple product verticals, provide guidance and mentorship within team and organization.


What we're looking for:
  • 5+ years information security experience in a SaaS environment with a deep understanding of application security.
  • Experience using common application security tools like (Burp Suite, OWASP ZAP) used for security testing.
  • Knowledge of and experience in implementing application security tools and platforms and integrating them into SDLC processes and code delivery pipelines.
  • Deep understanding of security protocols, encryption methods, CI/CD pipelines and DevSecOps practices.
  • Appsec-level proficiency in programming languages (such as .Net, JavaScript, TypeScript, Java, Python)
  • Experience leveraging AI tooling and capabilities (LLM / MCP) in an information security context.
  • Plus but not required: Certifications such as CPSA, CRT, CCSAS, CompTIA Pentest+, OSCP, ECSA/LPT, CISSP
  • Working knowledge of infrastructure as code tools, serverless architectures.
  • Strong technical aptitude, genuine "ambassador and practitioner" interest in cybersecurity and technology, problem solver attitude.
  • Proven ability to think critically and address complex security challenges by building strong relationships with colleagues and stakeholders.
  • Self-motivated and proactive mindset in identifying potential security risks and implementing preventive measures.
  • Excellent verbal and written communication skills to convey complex security concepts to both technical and non-technical stakeholders.
  • Ability to work well within a team and across departments to achieve common security goals.

About AvidXchange

AvidXchange is a financial technology company that provides accounts payable and payment automation solutions for midsize companies. The company's products include invoice and payment processing, purchase order management, and payment services. AvidXchange serves customers in various industries, including real estate, healthcare, and construction. The company was founded in 2000 and is headquartered in Charlotte, North Carolina.
Learn more about AvidXchange
Size
1,500 employees
Market Cap
$1.7 billion
Industry
Finance & Insurance
Founded
2000
NASDAQ
AVDX
* Ladders Estimates

Similar Jobs

Ad banner background

Get Ready For Your
Next Interview

More Jobs at AvidXchange

More Information Technology Jobs

Find similar Senior Application Security Engineer jobs:

NationwideCharlotte, NC