Emburse Logo

Emburse

Senior Application Security Engineer

Posted 7 Days Ago
Be an Early Applicant
Remote
Hiring Remotely in Canada
Senior level
Remote
Hiring Remotely in Canada
Senior level
The Senior Application Security Engineer at Emburse will lead application security initiatives, integrate security practices in the software development lifecycle, conduct security assessments, manage vulnerability scanning and penetration testing, and create metrics for the application security program. They will work closely with engineering and product teams to remediate vulnerabilities and prioritize security efforts.
The summary above was generated by AI

Who We Are:


At Emburse, you’ll not just imagine the future – you’ll build it. As a leader in travel and expense solutions, we are creating a future where technology drives business value and inspires extraordinary results. 


The Senior Application Security Engineer will oversee the application security initiatives across Emburse products. This role will be part of the Information Security team and work closely with the engineering and DevOps to integrate security best practices throughout the software development lifecycle (SDLC). This role will also involve conducting security assessments and providing remediation guidance. 


What You Will Do

  • Lead “shift left” security efforts to build security into the software development lifecycle.
  • Build relationships and work directly with engineering teams on security best practices and to remediate identified vulnerabilities. 
  • Work with product teams to ensure the vulnerabilities are remediated within procedural timeframes.
  • Partner with product teams to establish and prioritize a technical roadmap for 3rd party and open source frameworks and libraries to ensure products are up to date and can respond effectively to zero day threats
  • Triage and prioritize bug bounty submissions, code scanning results, and engineering audit vulnerability findings, track remediation, and validate fixes.
  • Assist with internal vulnerability scanning, external vulnerability scanning, segmentation testing, and management of penetration testing. 
  • Conduct secure design reviews and threat modeling. Identify and prioritize risks, attack surfaces, and vulnerabilities.
  • Create metrics and reporting of the application security program.


What You Will Bring

  • 7+ years of industry experience in application security, security architecture, secure software development, software vulnerability management for multiple technology platforms, frameworks and languages. 
  • Expertise with application security implementations and standard methodologies.
  • Extensive knowledge and comfort with the OWASP Top 10 and common web application exploitation techniques, and their respective countermeasures.
  • Experience with DevSecOps, DevOps, CICD pipelines, and secure code development.
  • Use of security tools (ex: SAST, IAST, CSPM, SIEM) 
  • SaaS experience working with web and mobile solutions to provide security
  • Experience working with Snyk, Bug Bounty, Wiz, Hacker Guardian, Hunters strongly preferred
  • Experience working with compliance frameworks (i.e. PCI, SOC 2, ISO 27001, NIST)
  • Experience performing and coordinating security assessments: internal vulnerability scans, external vulnerability scans, network segmentation testing, and web application penetration testing.
  • Relevant certifications such as CISSP, CCSP, GWEB, GWAPT, GMOB, CompTIA Security+, etc.
  • Experience working on large cross functional teams, representing IT compliance on initiatives such as change management, identity and access management, policy management and data retention.
  • Strong communication skills to effectively solve complex issues to stakeholders in a clear and easy to understand way
  • Ability to develop creative and adaptive solutions to unique and complex security items
  • Comfortable with a rapid-paced working environment and meeting deadlines
  • Bachelor’s degree in Computer Science, Information Systems, or equivalent work experience

Why Emburse?


Finance is changing—and at Emburse, we’re leading the way. Our AI-powered solutions help organizations eliminate inefficiencies, gain real-time visibility, and optimize spend—so they can focus on what’s next, not what’s slowing them down.

A Company with Momentum – We serve 12M+ users across 120 countries, helping businesses modernize

 their finance operations.

A Team That Innovates – Work alongside some of the brightest minds in finance, tech, and AI to solve real-

 world challenges.

A Culture That Empowers – Competitive pay, flexible work, and an inclusive, collaborative environment that

 supports your success.

A Career That Matters – Your work here drives efficiency, innovation, and smarter financial decision-making

 for businesses everywhere. 


Shape your future & find what’s next at Emburse. 


Emburse provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, Emburse complies with applicable state and local laws governing nondiscrimination in employment in every location where the company has facilities. This policy applies to all terms and conditions of employment.

Top Skills

Bug Bounty
Cspm
Hacker Guardian
Hunters
Iast
Sast
SIEM
Snyk
Wiz

Similar Jobs

PagerDuty Logo
PagerDuty

Senior Security Engineer 4, Product & Application Security

22 Days Ago
Easy Apply
Remote
Hybrid
Canada
Easy Apply
Senior level
Senior level
Artificial Intelligence • Cloud • Information Technology • Machine Learning • Software • Big Data Analytics • Automation
As a Senior Security Engineer, you will lead security initiatives for PagerDuty’s SaaS offerings, focusing on application security, conducting security reviews, threat assessments, and mentoring team members. You will collaborate with product development teams to create secure architectures and drive developer-focused security practices.
Top Skills: AWSBashBuildkiteChefCircleCIEksElixirHelmJavaKubernetesLogrythmPhoenixPythonRuby On RailsSiem (SumologicSnyk)Splunk)TerraformVulnerability Detection (Qualys/NessusWiz
Fullscript Logo
Fullscript

Lead Engineer - Security

4 Days Ago
Remote
Ottawa, ON, CAN
Mid level
Mid level
Healthtech
As a Lead Security Engineer at Fullscript, you will mentor a security engineering team, implement security best practices, and drive security initiatives throughout the development lifecycle. You will optimize security triage processes and ensure security integration in design and implementation. Your role involves engaging with cross-functional teams and sharing your expertise with the developer community to improve security protocols.
Instacart Logo
Instacart

Senior Risk & Compliance Engineer

16 Hours Ago
Remote
4 Locations
Senior level
Senior level
eCommerce • Food • Software
As a Senior Risk & Compliance Engineer, you will identify and mitigate risks related to technology and business across Security, Financial Systems, and Privacy. Your responsibilities include designing, implementing, and optimizing risk-based controls, streamlining audit processes, and collaborating with various teams to improve compliance and operational efficiency through automation.
Top Skills: AWSCi/CdCompliance Automation SolutionsDevOpsGCPGrc Tools

What you need to know about the Toronto Tech Scene

Although home to some of the biggest names in tech, including Google, Microsoft and Amazon, Toronto has established itself as one of the largest startup ecosystems in the world. And with over 2,000 startups — more than 30 percent of the country's total startups — Toronto continues to attract new businesses. Be it helping entrepreneurs manage their finances, simplifying business operations by automating payroll or assisting pharmaceutical companies in launching new drugs, the city's tech scene is just getting started.

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account