Senior Security Engineer

Floqast

💵 $144k-$216k
📍 Remote - United States

Summary

Join FloQast as a Senior Software Security Engineer to lead efforts in securing our SaaS application and protecting sensitive data. You will work closely with development teams, conducting code reviews and testing to ensure application integrity. Advanced expertise in the MERN stack and deep knowledge of web protocols and networking are essential. Prior experience as a MERN stack developer is required. The position is remote and based in the US. Visa sponsorship is not available.

Requirements

  • Prior experience as a MERN stack developer, with hands-on expertise in building and maintaining applications using MongoDB, Express, React, and NodeJS
  • Extensive experience with the MERN stack (MongoDB, Express, React, NodeJS) and securing applications in AWS environments
  • Proven expertise in managing DAST/SAST tools and handling vulnerability reports from bug bounty programs
  • Advanced knowledge of HTTP protocols, including headers, cookies, and browser behaviors
  • Deep expertise in software security principles, secure development practices, and modern web technologies (REST APIs, JSON, OAuth)
  • Strong proficiency in networking fundamentals, including DNS, HTTPS, and TCP/IP
  • Demonstrated ability to identify and mitigate advanced security vulnerabilities (e.g., OWASP Top 10 and beyond)
  • Extensive experience with security testing tools like Burp Suite or similar
  • Exceptional problem-solving, analytical, and leadership skills with a focus on detail and impact

Responsibilities

  • Code Security Leadership: Drive and own the strategic security roadmap for code integrity across development teams, setting and enforcing enterprise-wide standards
  • Quality Gate Ownership: Design and enforce security quality gates, conducting rigorous code reviews, manual runtime testing, and automated scans to certify feature releases
  • Vulnerability Management: Spearhead vulnerability triage processes, collaborating with bug bounty researchers and prioritizing remediation based on risk, severity, and business impact
  • Engineering Collaboration: Partner with engineering leadership to embed secure coding practices, mentor developers, and drive the resolution of complex security issues, leveraging past MERN stack development experience to guide secure implementation
  • Advanced Security Testing: Design and execute comprehensive security testing, including penetration testing, vulnerability analysis, and audits for new features, ensuring compliance with security requirements before production deployment
  • HTTP Protocol Mastery: Apply expert-level knowledge of HTTP to secure and optimize requests and responses, including headers, cookies, and caching mechanisms
  • Networking Expertise: Leverage in-depth understanding of networking concepts (DNS, HTTPS, firewalls) to architect secure application communication
  • Browser Security Leadership: Drive the implementation of advanced browser security mechanisms, such as Content Security Policy (CSP), CORS, and secure cookie handling
  • Incident Response Leadership: Lead investigations into complex security incidents, performing root cause analysis and implementing robust preventative measures
  • Security Documentation: Author and maintain comprehensive security documentation, including policies, procedures, and system configurations, to support compliance and operational excellence

Preferred Qualifications

  • Certifications such as CISSP, CEH, or Offensive Security certifications (OSCP, OSWA, OSWE)
  • PortSwigger Academy Certification and/or significant experience with their labs
  • Extensive experience with HackTheBox or similar advanced security labs
  • Deep expertise in cloud security, particularly within AWS, including secure architecture design
  • Familiarity with compliance frameworks (e.g., GDPR, PCI-DSS, SOC 2)
  • Experience mentoring junior engineers or leading security training initiatives

Benefits

  • Medical, Dental, Vision
  • Family Forming benefits
  • Life & Disability Insurance
  • Unlimited Vacation
  • Participation in our Employee Stock Program
