Application Security Engineer

Job Description

Job Description

About InvoiceCloud :

InvoiceCloud is a fast-growing fintech company with an award-winning culture and a leading disruptor in the electronic bill presentment and payment (EBPP) space. Serving more than 3,200 customers across the utility, government, and insurance industries, InvoiceCloud's secure and innovative SaaS platform enhances the customer experience, driving higher digital payment, AutoPay, and paperless adoption rates. By switching to InvoiceCloud, clients can improve customer engagement and satisfaction while lowering costs, accelerating payments, and reducing staff workloads. To learn more, visit InvoiceCloud.com.

Mission :

Excellence in technology, information security, and regulatory compliance are foundational to our success. While complex software development lifecycle (SDLC) processes are supported and automated by advanced systems, their effectiveness depends on consistent, reliable execution across all business functions. This challenge is amplified by variations in coding practices and development pipelines across teams and organizations. To meet these demands, a comprehensive and integrated application security program must be clearly defined, diligently maintained, effectively implemented, and consistently measured to ensure that every application we deliver achieves the level of security expected by both our company and our customers.

The Application Security Engineer plays a key role in reducing risk across InvoiceCloud's platform by driving the application security program. This role requires strong attention to detail, persistence, expertise in application security and programming languages, planning skills, self-motivation, organization, communication, and problem-solving abilities. The Application Security Engineer will own all aspects of creating, fostering, implementing, and maintaining an application security program across the firm. The primary objective of this position is to consistently identify, prioritize, and mitigate risks related to application security in an effective manner.

Responsibilities :

• Lead application security reviews and threat modeling, including code review and dynamic testing.
• Own and perform application security vulnerability management.
• Lead product and development teams in application security.
• Lead development of automated security testing to validate that secure coding best practices are being used.
• Guide and advise product development teams as SMEs in the area of application security.
• Work closely with developers to help improve the security of their products and services, as well as designing technical solutions to address security weaknesses, and working with relevant stakeholders to implement them.
• Serve as the liaison between management and development resources for matters pertaining to application security initiatives.
• Serve as the point of contact regarding overall application security program process.
• Interact with development personnel, management, consultants, and other company personnel to proactively and reactively maintain security risk objectives.
• Collaborate in the creation, maintenance of IT control matrices and IT process documentation for various compliance requirements (PCI DSS, NIST CSF, Enterprise Risk & Security and Operations, Applications, and ITGC procedures).

Qualifications :

This role has privileged access to highly sensitive information, intellectual property, legal matters, and complex business scenarios. The successful candidate has :

Personal Skills

Base salary is one component of total compensation. Employees may also be eligible for an annual bonus or commission. Some roles may also be eligible for overtime pay. The above represents the expected base compensation range for this job requisition. Ultimately, in determining your pay, we'll consider many factors including, but not limited to, skills, experience, qualifications, geographic location, and other job-related factors.

Base Compensation Range

$145,000—$170,000 USD

InvoiceCloud is an Equal Opportunity Employer.

InvoiceCloud provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.

If you have a disability under the Americans with Disabilities Act or similar law, or you require a religious accommodation, and you wish to discuss potential accommodations related to applying for employment at our company, please contact jobs@invoicecloud.com.

Click here to review InvoiceCloud's Job Applicant Privacy Policy.

To all recruitment agencies :  InvoiceCloud does not accept agency resumes. Please do not forward resumes to our job's alias, employees, or any other organization location. Invoice Cloud is not responsible for any fees related to unsolicited resumes.