Application Security Engineer

AvidXchange Birmingham AL, Two Perimeter Park South, Birmingham, Alabama, United States of America ● AvidXchange Charlotte NC, 1210 AVIDXCHANGE LN, CHARLOTTE, North Carolina, United States of America ● AvidXchange Columbus MS, 319 Park Creek Dr, Columbus, Mississippi, United States of America ● AvidXchange Houston TX, 2100 TRAVIS ST, SUITE 300, HOUSTON, Texas, United States of America ● AvidXchange Sandy UT, 111 E Sego Lily Drive, SANDY, Utah, United States of America Req #2538
Thursday, December 10, 2020
About AvidXchange 
 
AvidXchange is the industry leader in automating invoice and payment processes for mid-market businesses. Founded in the year 2000, AvidXchange processes over $140 billion transactions annually across its network of more than 600,000 suppliers, transforming the
way 6,000 customers in North America pay their bills. AvidXchange is distinguished as a global fintech unicorn and one of the fastest growing technology companies in the U.S. with 1,400 employees supporting customers across seven office locations. Our employees live by our core values, including “Innovate to Change the Game”, “Passion about Customer Success”, “Win as a Team”, “Play to our Strengths”, and “Have a Blast”. We are on a mission to create something different at AvidXchange. Come join the team!

Overview
 

As an Application Security Engineer I, you will work closely with our software development teams, architects and other application security engineers to drive security advancements to our products. As we re-write a majority of our legacy applications and build new cloud-native applications, this is an exciting opportunity to join growing fintech company. You will be responsible for managing our application security tools, identify/analyze vulnerabilities from this tool and work with teams through remediation/mitigation and conduct code reviews. The ideal candidate is passionate about continuing their growth in Application Security or looking to transition themselves from development in Application Security (with some experience/exposure to security).


Job Responsibilities
 

• Review code and perform static/dynamic code analysis as part of the SDLC, identifying weaknesses for remediation 

• Partner with enterprise and solution architects, software engineers, DBA's and QA engineers to ensure adequate security is in place throughout the SDLC

• Prioritize and track security issues while working with the necessary teams to ensure remediation

• Stay up to date on current software development technologies, security controls, threats, and vulnerabilities

 

Required Education, Skills, and Qualifications
 

• 1+ years of experience in a software development role such as Software Developer, Software Quality Assurance, or Security Engineer with a good understanding of application security; 

• Foundational knowledge of web application design best practices and secure software development;

• Understanding of agile development practices, and how to integrate security into those practices;

• Experience with .NET/ C#  OR another OOP language;

• Understanding of the OWASP top 10 and application security vulnerabilities.


Preferred Experience
 

• Bachelor’s degree in Cyber Security, Information Systems, or Computer Science

• Experience with PCI compliance;

• Security certifications such as CISSP, CSSLP, GWEB, or other web application security certifications;

• Experience with cloud computing, Microsoft Azure platforms, and logic apps;

• Knowledge of WCF, AJAX, HTML, ESB (Neuron a plus), SSIS/TSQL, jQuery;

• Knowledge of one of the following  Aurelia, Angular, Vue.js or KendoUI;

• Experience with SOA, web services, REST, SOAP, XSLT, XSD, and XML;

• Experience with SQL Server (2012+) including stored procedures, indexes, functions, and triggers;

• Knowledge of common web application security flaws and secure coding practices, and the ability to clearly explain security issues to project and development staff;

• Experience with using security testing tools (Fortify/WebInspect/Burp Suite or similar).

Equal Employment Opportunity Statement

AvidXchange is an equal opportunity employer.  AvidXchange is committed to equal employment opportunity in accordance with applicable federal, state and local laws.
  AvidXchange will not discriminate against applicants for employment on any legally recognized basis. This includes, but is not limited to: veteran status, race, color, religion, sex, sexual orientation, gender identity, gender expression, national origin, age and physical or mental disability.

Other details

  • Job Family Information Technology
  • Job Function IT Security
  • Pay Type Salary
  • Employment Indicator Professional