Staff Application Security Engineer

We are seeking a highly skilled Staff Application Security Engineer to serve as a Subject Matter Expert and expert technical contributor within our security team. This role is focused on driving the hands-on integration of the "Security by Design" philosophy across our product suite, ensuring our applications are resilient against modern threats. You will leverage deep technical expertise in software exploitation and defensive architecture to set secure standards, lead complex security projects, and mentor development teams on secure coding practices. The ideal candidate contributes significantly to technical strategy and architecture, focusing on building sustainable solutions that prevent security issues at scale.

What You’ll Do

• Engineer, implement and monitor security measures for the protection of computer systems, networks, and information

• Prepare, maintain and document standard operating procedures and protocols

• Configure and troubleshoot security infrastructure systems

• Develop and maintain technical solutions and security tools to help mitigate security vulnerabilities and automate repeatable tasks

• Work closely with technical leads to collate, drive and deliver on a technical strategy and roadmap that encompasses product, cloud, and enterprise security

• Assist with security reviews, threat modeling, code reviews

• Assist with our vulnerability management efforts across functional teams (enterprise and application security) to ensure we meet our SLAs and help mitigate risks

• Be an advocate for security best practices and the point of contact throughout the company

• Any other tasks that may be assigned to help the company meet its goals

What You’ll Bring

• 8+ years of experience with auditing web applications.

• 3+ years using at least one high level programming language e.g. Node.js, Python, Go, Java, Ruby.

• Experience utilizing web application security scanning software and penetration testing tools e.g. Burp Suite, ZAP, Nessus, Qualys, Metasploit, CANVAS, Nuclei, Cobalt Strike.

• Experience and desire conducting Security training for developers and the security team.

• Experience performing threat modeling and secure design review in order to assess the security implications and requirements of new systems and technologies.

• Experience building or working with distributed multi-tier web server-client architectures.

• Experience with cloud environments AWS or Azure.

• Strong foundational understanding of network and application fundamentals and best practices; e.g. HTTP, DNS, VPN, SAML, OAuth, OpenID etc.

• Strong understanding of OWASP Top 10 vulnerabilities in web applications, including XSS, SSRF, IDOR, RCE, CSRF vulnerabilities.

• Working knowledge of the Microsoft Security Development Lifecycle (SDL), OWASP Software Assurance Maturity Model (SAMM), or Building Security in Maturity Model (BSIMM)

• Experience implementing security practices in automated CI/CD pipelines for application code, infrastructure, and/or serverless is a plus.

• Strong sense of ownership, urgency and drive.

• Strong ability to lead cross-team initiatives and communicate proposals and ideas concisely.

Preferred Qualifications:

• Certifications: OSCP, OSWA, OSWE, or Burp Suite Certified Practitioner (BSCP).
• Programming: Strong programming skills in NodeJS, Python, and/or Go.
• Cloud Fluency: Experience securing applications specifically within AWS environments (Lambda, ECS/EKS, DynamoDB security).
• Compliance: Familiarity with mapping technical application controls to compliance frameworks like SOC 2, HIPAA, or PCI-DSS.

FloQast is the leading AI-powered Accounting Transformation Platform, uniquely built by former accountants for accountants. We automate complex, recurring accounting workflows—transforming preparers into strategic reviewers and relieving accountants from tedious manual work. Our cloud-based solution is trusted by over 3,500 world-class accounting teams, including Lululemon, Doordash, and the MLB, to drive collaboration and financial accuracy. Driven by a mission to continuously elevate the profession, FloQast is redefining both the practice and the perception of accounting on a global scale. 

Our values act as a guiding compass, shaping every decision we make, and are non-negotiable, particularly in our hiring process. Alongside our employees, partners, and customers, we embody these values every day:

Unwaveringly Authentic 

Ambitious with Integrity

Empowered to Grow

Committed to Collaboration

Customer Obsessed in All Ways

By applying for this position, you acknowledge and consent to FloQast’s collection, use, processing, and storage of your personal information and application materials in accordance with our privacy policy and applicable law, including, but not limited to, your resume, cover letter, contact information, employment history, references, and any other details or information provided during the application and interview process. Your information may be shared with hiring managers, HR personnel, and other employees involved in the hiring process, as well as authorized third-party service providers who assist with our hiring process. You have the right to access, correct or request the deletion of your personal information at any time. To exercise these rights, or for other questions related to our data practices, please contact us at recruiting@floqast.com. Your consent is voluntary, but please note that providing this consent is necessary for us to process your application and consider you for employment opportunities. For more details, please see our privacy policy at https://www.floqast.com/legal/privacy-policy.

FloQast, Inc is committed to operating fair and unbiased recruitment procedures allowing all applicants an equal opportunity for employment, free from discrimination on the basis of religion, race, sex, age, sexual orientation, disability, color, ethnic or national origin, or any other classification as may be protected by applicable law. We aim to recruit the right people for the jobs we have to offer, and to assess applications on the basis of relevant skills, education, and experience. We welcome people of different backgrounds, experiences, abilities, and perspectives. We are an equal opportunity employer and strive to provide a professional and welcoming workplace for all employees.