Senior Application Security Engineer

About the role

AvidXchange is a dynamic and innovative technology-driven B2B payments organization seeking a curious, inquisitive, highly skilled and motivated Senior Application Security Engineer to join our team. Our company values collaboration, creativity, and excellence in delivering cutting-edge solutions to our customers. As an Application Engineer you will play a crucial role in ensuring the security and integrity of our applications, systems, and data. In the role you will be responsible for identifying and driving remediations of vulnerabilities and threats across our product portfolio.

Responsibilities

• Cross-functionally collaborate with technology teams to identify and remediate security issues.
• Provide guidance to product and technology teams on security best practices.
• Using a variety of tools and experience, develop an understanding of application risk profile, build relationships, and influence decisions to continuously maintain cybersecurity resilience.
• Will utilize software architecture security analysis, web application penetration testing, and application reverse engineering.
• Develop training based on experience and discovery targeting identified areas of opportunity.
• Understand root causes, identify data and patterns associated with potential weaknesses, and drive improvements across all levels of leadership.
• Assist in investigating, analyzing, and responding to security incidents related to applications, ensuring timely resolution and documentation of incidents.
• Lead threat modeling and risk discovery efforts across multiple product verticals, provide guidance and mentorship within team and organization.

Requirements

• 5+ years information security experience in a SaaS environment with a deep understanding of application security.
• Experience using common application security tools like (Burp Suite, OWASP ZAP) used for security testing.
• Knowledge of and experience in implementing application security tools and platforms and integrating them into SDLC processes and code delivery pipelines.
• Deep understanding of security protocols, encryption methods, CI/CD pipelines and DevSecOps practices.
• Appsec-level proficiency in programming languages (such as .Net, JavaScript, TypeScript, Java, Python)
• Experience leveraging AI tooling and capabilities (LLM / MCP) in an information security context.
• Plus but not required: Certifications such as CPSA, CRT, CCSAS, CompTIA Pentest+, OSCP, ECSA/LPT, CISSP
• Working knowledge of infrastructure as code tools, serverless architectures.
• Strong technical aptitude, genuine "ambassador and practitioner" interest in cybersecurity and technology, problem solver attitude.
• Proven ability to think critically and address complex security challenges by building strong relationships with colleagues and stakeholders.
• Self-motivated and proactive mindset in identifying potential security risks and implementing preventive measures.
• Excellent verbal and written communication skills to convey complex security concepts to both technical and non-technical stakeholders.
• Ability to work well within a team and across departments to achieve common security goals.
• About AvidXchange
• A go-getter with an entrepreneurial mindset - that means you are not afraid of taking risks, winning big or facing the unknown.
• Someone who understands that business is people centric. Connecting with others as humans first allows you to develop mutually beneficial working relationships.
• Focused on making a difference for our customers. AvidXchange exists to help solve complex problems for our customers so we can all realize our potential.
• What you'll get:

Benefits

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at avidxchangeinc? Share your experience