Staff Application Security Engineer

We are seeking a highly skilled Staff Application Security Engineer to serve as a Subject Matter Expert and expert technical contributor within our security team. This role is focused on driving the hands-on integration of the "Security by Design" philosophy across our product suite, ensuring our applications are resilient against modern threats. You will leverage deep technical expertise in software exploitation and defensive architecture to set secure standards, lead complex security projects, and mentor development teams on secure coding practices. The ideal candidate contributes significantly to technical strategy and architecture, focusing on building sustainable solutions that prevent security issues at scale.

What You’ll Do

Engineer, implement and monitor security measures for the protection of computer systems, networks, and information

Prepare, maintain and document standard operating procedures and protocols

Configure and troubleshoot security infrastructure systems

Develop and maintain technical solutions and security tools to help mitigate security vulnerabilities and automate repeatable tasks

Work closely with technical leads to collate, drive and deliver on a technical strategy and roadmap that encompasses product, cloud, and enterprise security

Assist with security reviews, threat modeling, code reviews

Assist with our vulnerability management efforts across functional teams (enterprise and application security) to ensure we meet our SLAs and help mitigate risks

Be an advocate for security best practices and the point of contact throughout the company

Any other tasks that may be assigned to help the company meet its goals

What You’ll Bring

8+ years of experience with auditing web applications.

3+ years using at least one high level programming language e.g. Node.js, Python, Go, Java, Ruby.

Experience utilizing web application security scanning software and penetration testing tools e.g. Burp Suite, ZAP, Nessus, Qualys, Metasploit, CANVAS, Nuclei, Cobalt Strike.

Experience and desire conducting Security training for developers and the security team.

Experience performing threat modeling and secure design review in order to assess the security implications and requirements of new systems and technologies.

Experience building or working with distributed multi-tier web server-client architectures.

Experience with cloud environments AWS or Azure.

Strong foundational understanding of network and application fundamentals and best practices; e.g. HTTP, DNS, VPN, SAML, OAuth, OpenID etc.

Strong understanding of OWASP Top 10 vulnerabilities in web applications, including XSS, SSRF, IDOR, RCE, CSRF vulnerabilities.

Working knowledge of the Microsoft Security Development Lifecycle (SDL), OWASP Software Assurance Maturity Model (SAMM), or Building Security in Maturity Model (BSIMM)

Experience implementing security practices in automated CI/CD pipelines for application code, infrastructure, and/or serverless is a plus.

Strong sense of ownership, urgency and drive.

Strong ability to lead cross-team initiatives and communicate proposals and ideas concisely.

Preferred Qualifications:

Certifications: OSCP, OSWA, OSWE, or Burp Suite Certified Practitioner (BSCP).

Programming: Strong programming skills in NodeJS, Python, and/or Go.

Cloud Fluency: Experience securing applications specifically within AWS environments (Lambda, ECS/EKS, DynamoDB security).

Compliance: Familiarity with mapping technical application controls to compliance frameworks like SOC 2, HIPAA, or PCI-DSS.

FloQast is the leading AI-powered Accounting Transformation Platform, uniquely built by former accountants for accountants. We automate complex, recurring accounting workflows—transforming preparers into strategic reviewers and relieving accountants from tedious manual work. Our cloud-based solution is trusted by over 3,500 world-class accounting teams, including Lululemon, Doordash, and the MLB, to drive collaboration and financial accuracy. Driven by a mission to continuously elevate the profession, FloQast is redefining both the practice and the perception of accounting on a global scale.

Our values act as a guiding compass, shaping every decision we make, and are non-negotiable, particularly in our hiring process. Alongside our employees, partners, and customers, we embody these values every day:

Unwaveringly Authentic

Ambitious with Integrity

Empowered to Grow

Committed to Collaboration

Customer Obsessed in All Ways

By applying for this position, you acknowledge and consent to FloQast’s collection, use, processing, and storage of your personal information and application materials in accordance with our privacy policy and applicable law, including, but not limited to, your resume, cover letter, contact information, employment history, references, and any other details or information provided during the application and interview process. Your information may be shared with hiring managers, HR personnel, and other employees involved in the hiring process, as well as authorized third-party service providers who assist with our hiring process. You have the right to access, correct or request the deletion of your personal information at any time. To exercise these rights, or for other questions related to our data practices, please contact us at [email protected]. Your consent is voluntary, but please note that providing this consent is necessary for us to process your application and consider you for employment opportunities. For more details, please see our privacy policy at https://www.floqast.com/legal/privacy-policy.

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.