Application Security Engineer
AvidXchange is the industry leader in automating invoice and payment processes for mid-market businesses. Founded in the year 2000, AvidXchange processes over $140 billion in transactions annually across its network of more than 600,000 suppliers, transforming the way 6,000 customers in North America pay their bills. AvidXchange is distinguished as a global fintech unicorn and one of the fastest growing technology companies in the U.S. with 1,400 employees supporting customers across seven office locations. Our employees live by our core values, including “Innovate to Change the Game”, “Passion about Customer Success”, “Win as a Team”, “Play to our Strengths”, and “Have a Blast”. We are on a mission to create something different at AvidXchange. Come join the team!
As an Application Security Engineer I, you will work closely with our software development teams, architects, and other application security engineers to drive security advancements in our products. As we rewrite a majority of our legacy applications and build new cloud-native applications, this is an exciting opportunity to join a growing fintech company. You will be responsible for managing our application security tools, identifying and analyzing vulnerabilities from these tools, working with teams through remediation/mitigation, and conducting code reviews. The ideal candidate is passionate about continuing their growth in Application Security or is looking to transition from development into Application Security (with some experience/exposure to security).
• Review code and perform static/dynamic code analysis as part of the SDLC, identifying weaknesses for remediation
• Partner with enterprise and solution architects, software engineers, DBAs and QA engineers to ensure adequate security is in place throughout the SDLC
• Prioritize and track security issues while working with the necessary teams to ensure remediation
• Stay up to date on current software development technologies, security controls, threats, and vulnerabilities
Required Education, Skills, and Qualifications
• 1+ years of experience in a software development role such as Software Developer, Software Quality Assurance, or Security Engineer with a good understanding of application security;
• Foundational knowledge of web application design best practices and secure software development;
• Understanding of agile development practices, and how to integrate security into those practices;
• Experience with .NET/C# or another OOP language;
• Understanding of the OWASP top 10 and application security vulnerabilities.
• Bachelor’s degree in Cyber Security, Information Systems, or Computer Science
• Experience with PCI compliance;
• Security certifications such as CISSP, CSSLP, GWEB, or other web application security certifications;
• Experience with cloud computing, Microsoft Azure platforms, and logic apps;
• Knowledge of WCF, AJAX, HTML, ESB (Neuron a plus), SSIS/TSQL, jQuery;
• Knowledge of one of the following: Aurelia, Angular, Vue.js or KendoUI;
• Experience with SOA, web services, REST, SOAP, XSLT, XSD, and XML;
• Experience with SQL Server (2012+) including stored procedures, indexes, functions, and triggers;
• Knowledge of common web application security flaws and secure coding practices, and the ability to clearly explain security issues to project and development staff;
• Experience with using security testing tools (Fortify/WebInspect/Burp Suite or similar).
- Job Family: Information Technology
- Job Function: IT Security
- Pay Type: Salary
- Employment Indicator: Professional