Senior Application Security Engineer
Charlotte, North Carolina, United States of America
Full Time
4 hours ago
No Visa Sponsorship
Key skills
Cyber SecurityJavaJavaScriptPythonSDLCTypeScript.NETAILLMServerlessSaaSCI/CDLeadershipCommunicationOWASPPenetration Testing
About this role
Role Overview
- Cross-functionally collaborate with technology teams to identify and remediate security issues.
- Provide guidance to product and technology teams on security best practices.
- Using a variety of tools and experience, develop an understanding of application risk profile, build relationships, and influence decisions to continuously maintain cybersecurity resilience.
- Will utilize software architecture security analysis, web application penetration testing, and application reverse engineering.
- Develop training based on experience and discovery targeting identified areas of opportunity.
- Understand root causes, identify data and patterns associated with potential weaknesses, and drive improvements across all levels of leadership.
- Assist in investigating, analyzing, and responding to security incidents related to applications, ensuring timely resolution and documentation of incidents.
- Lead threat modeling and risk discovery efforts across multiple product verticals, provide guidance and mentorship within team and organization.
Requirements
- 5+ years information security experience in a SaaS environment with a deep understanding of application security.
- Experience using common application security tools like (Burp Suite, OWASP ZAP) used for security testing.
- Knowledge of and experience in implementing application security tools and platforms and integrating them into SDLC processes and code delivery pipelines.
- Deep understanding of security protocols, encryption methods, CI/CD pipelines and DevSecOps practices.
- Appsec-level proficiency in programming languages (such as .Net, JavaScript, TypeScript, Java, Python)
- Experience leveraging AI tooling and capabilities (LLM / MCP) in an information security context.
- Plus but not required: Certifications such as CPSA, CRT, CCSAS, CompTIA Pentest+, OSCP, ECSA/LPT, CISSP
- Working knowledge of infrastructure as code tools, serverless architectures.
- Strong technical aptitude, genuine “ambassador and practitioner” interest in cybersecurity and technology, problem solver attitude.
- Proven ability to think critically and address complex security challenges by building strong relationships with colleagues and stakeholders.
- Self-motivated and proactive mindset in identifying potential security risks and implementing preventive measures.
- Excellent verbal and written communication skills to convey complex security concepts to both technical and non-technical stakeholders.
- Ability to work well within a team and across departments to achieve common security goals.
Tech Stack
- Cyber Security
- Java
- JavaScript
- Python
- SDLC
- TypeScript
Benefits
- 18 days PTO*
- 11 Holidays (8 company recognized & 3 floating holidays)
- 16 hours per year of paid Volunteer Time Off (VTO)
- Competitive Healthcare
- 401(k) Match: 100% match on the first 3% of your salary, plus 50% match on the next 2%
- Parental Leave: 8 weeks 100% paid by AvidXchange**
- Discounts on Pet, Home, and Auto insurance
- WeeCare Childcare Service: helps teammates find affordable daycare, childcare, and tutors 40% less expensive than traditional daycare centers
- Perks at Work: free discount program that provides teammates the opportunity to save on items from electronics, movie tickets, car buying, vacations, and more
- Onsite gym fitness center, yoga studio, and basketball court
- Tuition Reimbursement up to the federal maximum of $5,250***
- Hybrid Workplace Flexibility
- Free parking