AvidXchange

Senior Application Security Engineer

AvidXchange$100K — $130K *
US-AnywhereRemote in Charlotte, NC
Information Technology
5 - 7 years of experience
Today
Be an Early Applicant
Job Overview by Ladders

Qualifications

  • 5+ years of information security experience in a SaaS environment with a strong focus on application security.
  • Proficient in using application security tools like Burp Suite and OWASP ZAP for security testing.
  • Experience in implementing security tools within SDLC and CI/CD pipelines.
  • Deep understanding of security protocols, encryption, and DevSecOps practices.
  • Proficient in programming languages such as .Net, JavaScript, TypeScript, Java, and Python.
  • Familiarity with AI tooling in an information security context is a plus.
  • Certifications like CPSA, CRT, CCSAS, and others are beneficial but not mandatory.

Responsibilities

  • Collaborate with technology teams to identify and remediate security issues.
  • Guide product and tech teams on security best practices.
  • Develop understanding of application risk profiles using various tools and relationships.
  • Conduct software architecture security analysis and penetration testing.
  • Create training based on security insights and identified improvement areas.
  • Investigate and respond to application security incidents, ensuring documentation.
  • Lead threat modeling and risk discovery efforts across product verticals.

Benefits

  • Flexible working hours to encourage work-life balance.
  • Opportunities for professional development and training.
  • Collaborative and team-oriented work environment.
  • Access to cutting-edge security tools and technologies.
  • Health and wellness programs to support employee well-being.
Full Job Description
Overview:

As an Application Engineer you will play a crucial role in ensuring the security and integrity of our applications, systems, and data. In the role you will be responsible for identifying and driving remediations of vulnerabilities and threats across our product portfolio.

What you'll do:
  • Cross-functionally collaborate with technology teams to identify and remediate security issues.
  • Provide guidance to product and technology teams on security best practices.
  • Using a variety of tools and experience, develop an understanding of application risk profile, build relationships, and influence decisions to continuously maintain cybersecurity resilience.
  • Will utilize software architecture security analysis, web application penetration testing, and application reverse engineering.
  • Develop training based on experience and discovery targeting identified areas of opportunity.
  • Understand root causes, identify data and patterns associated with potential weaknesses, and drive improvements across all levels of leadership.
  • Assist in investigating, analyzing, and responding to security incidents related to applications, ensuring timely resolution and documentation of incidents.
  • Lead threat modeling and risk discovery efforts across multiple product verticals, provide guidance and mentorship within team and organization.


What we're looking for:
  • 5+ years information security experience in a SaaS environment with a deep understanding of application security.
  • Experience using common application security tools like (Burp Suite, OWASP ZAP) used for security testing.
  • Knowledge of and experience in implementing application security tools and platforms and integrating them into SDLC processes and code delivery pipelines.
  • Deep understanding of security protocols, encryption methods, CI/CD pipelines and DevSecOps practices.
  • Appsec-level proficiency in programming languages (such as .Net, JavaScript, TypeScript, Java, Python)
  • Experience leveraging AI tooling and capabilities (LLM / MCP) in an information security context.
  • Plus but not required: Certifications such as CPSA, CRT, CCSAS, CompTIA Pentest+, OSCP, ECSA/LPT, CISSP
  • Working knowledge of infrastructure as code tools, serverless architectures.
  • Strong technical aptitude, genuine "ambassador and practitioner" interest in cybersecurity and technology, problem solver attitude.
  • Proven ability to think critically and address complex security challenges by building strong relationships with colleagues and stakeholders.
  • Self-motivated and proactive mindset in identifying potential security risks and implementing preventive measures.
  • Excellent verbal and written communication skills to convey complex security concepts to both technical and non-technical stakeholders.
  • Ability to work well within a team and across departments to achieve common security goals.

About AvidXchange

AvidXchange is a financial technology company that provides accounts payable and payment automation solutions for midsize companies. The company's products include invoice and payment processing, purchase order management, and payment services. AvidXchange serves customers in various industries, including real estate, healthcare, and construction. The company was founded in 2000 and is headquartered in Charlotte, North Carolina.
Learn more about AvidXchange
Size
1,500 employees
Market Cap
$1.7 billion
Industry
Finance & Insurance
Founded
2000
NASDAQ
AVDX
* Ladders Estimates

Similar Jobs

Ad banner background

Get Ready For Your
Next Interview

More Jobs at AvidXchange

More Information Technology Jobs

Find similar Senior Application Security Engineer jobs:

NationwideRemote