It's fun to work in a company where people truly BELIEVE in what they're doing!
Fullsteam is a leading provider of vertical software and embedded payments technology dedicated to helping businesses flourish by providing their customers with seamless experiences. With a dynamic and growing team of 1,700 employees, we are committed to driving innovation and delivering best-in-class software and payment solutions that empower small and medium-sized businesses across numerous industries. Our purpose is to help our customers grow their businesses and delight their customers. Join us and be a part of a forward-thinking company that values growth, excellence, and the success of our clients.
We are seeking an experienced Senior Application Security Engineer to join Fullsteam's Proactive Security team. This individual will play a pivotal role in building and enhancing our application security program, consulting with development teams to remediate findings, and leading the implementation of various security tools and methodologies. The ideal candidate should have strong coding skills, comprehensive knowledge of security testing, and a proactive approach to threat modeling.
Primary Responsibilities:
- Lead the implementation and operationalization of SAST, SCA, and DAST tools across multiple business units with varying tech stacks.
- Collaborate with development teams to provide guidance on secure coding practices and consult on remediation efforts for vulnerabilities.
- Develop and maintain an application security vulnerability management program, ensuring critical and high vulnerabilities are remediated according to SLAs.
- Conduct threat modeling exercises to identify potential threats and propose mitigations throughout the software development lifecycle.
- Work closely with engineering teams to integrate security tools seamlessly into CI/CD pipelines and development workflows.
- Create comprehensive documentation and training materials for secure development practices.
- Perform security assessments, code reviews, and penetration testing as needed.
- Track, report, and communicate the progress of application security initiatives to senior management.
- Stay up to date with the latest security trends, vulnerabilities, and attack vectors to ensure continuous improvement of the security posture.
- Support incident response activities by providing expertise in application security-related incidents.
Primary Qualifications:
- Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience).
- 5+ years of experience in application security, with hands-on experience in secure coding, SAST, SCA, and DAST.
- Proficiency in one or more programming languages such as Python, Java, JavaScript, or C#.
- Experience building and managing vulnerability management programs specific to application security findings.
- Demonstrated expertise in threat modeling and risk assessment processes.
- Solid understanding of modern development frameworks and CI/CD practices.
- Strong problem-solving, analytical, and communication skills.
- Industry certifications such as OSCP, CEH, CISSP, or GWAPT are a plus.
Fullsteam supports an inclusive workplace that values diversity of thought, experience, and background. Fullsteam is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state, or local law.