Let’s get started
By clicking ‘Next’, I agree to the Terms of Service
and Privacy Policy
Jobs / Job page
Senior Application Security Engineer image - Rise Careers
Job details

Senior Application Security Engineer

Ivalua is a leading provider of cloud-based procurement solutions and is seeking a Senior Application Security Engineer to enhance the security of their SaaS products.

Skills

  • Penetration testing
  • Scripting
  • Application security tools proficiency
  • Web application security best practices

Responsibilities

  • Perform manual web application penetration testing
  • Enhance application security tooling and scanning configurations
  • Write and maintain automated scripts for security tests
  • Act as POC for technical audit findings
  • Support the implementation of security best practices within the R&D department

Education

  • Bachelor's degree in Computer Science or a related field

Benefits

  • Medical, dental, and vision insurance
  • Retirement plan with company match
  • Annual target bonus based on performance
  • Hybrid working model
To read the complete job description, please click on the ‘Apply’ button
Ivalua Glassdoor Company Review
4.1 Glassdoor star iconGlassdoor star iconGlassdoor star iconGlassdoor star icon Glassdoor star icon
Ivalua DE&I Review
4.2 Glassdoor star iconGlassdoor star iconGlassdoor star iconGlassdoor star icon Glassdoor star icon
CEO of Ivalua
Ivalua CEO photo
David Khuat-Duy
Approve of CEO

Average salary estimate

$160000 / YEARLY (est.)
min
max
$150000K
$170000K

If an employer mentions a salary or salary range on their job, we display it as an "Employer Estimate". If a job has no salary data, Rise displays an estimate if available.

What You Should Know About Senior Application Security Engineer, Ivalua

Ivalua is on the lookout for a talented Senior Application Security Engineer to join our dynamic team in Pittsburgh, USA! Founded in 2000, we believe in harnessing the power of digital transformation to enhance supply chain sustainability. As a major player in the cloud-based procurement solutions arena, we empower organizations like yours to manage their expenses and suppliers effectively. In this critical role, you’ll become a cornerstone of our InfoSec team, focusing on strengthening our information security program and ensuring the safety and integrity of our applications. Your day-to-day will encompass everything from performing manual web application penetration testing on our SaaS offerings to enhancing our automated vulnerability scanning processes. Collaborating with a group that thrives on creativity and shared ambition, you'll not only advocate for best practices in security design but also help develop a comprehensive developer training program. If you’re a problem-solving enthusiast with experience in security tools and a knack for effective communication, then this could be the perfect opportunity for you at Ivalua. You'll find a culture where we work hard, play hard, and constantly challenge one another to excel. Ready to embrace this adventure with us and shape the future? Let’s make it happen together!

Frequently Asked Questions (FAQs) for Senior Application Security Engineer Role at Ivalua
What are the main responsibilities of a Senior Application Security Engineer at Ivalua?

As a Senior Application Security Engineer at Ivalua, your responsibilities will include conducting manual web application penetration tests, improving our SSDLC process, and maintaining vulnerability scanning. You’ll also focus on orchestrating remediation plans and ensuring the security of our SaaS applications. This role is pivotal in ensuring that our information security measures not only protect our customers but also contribute to the continuous improvement of our applications.

Join Rise to see the full answer
What qualifications do I need to apply for the Senior Application Security Engineer position at Ivalua?

To apply for the Senior Application Security Engineer role at Ivalua, you should have over 5 years of hands-on experience in penetration testing on web applications and services. Familiarity with integrating security practices into the SDLC is crucial. Proficiency in scripting and languages such as Python and JavaScript is also required. While certifications like OSCP or equivalent are preferred, they are not absolutely necessary.

Join Rise to see the full answer
How does the Senior Application Security Engineer role contribute to Ivalua's security strategy?

The Senior Application Security Engineer at Ivalua plays a vital role in enhancing our security strategy by implementing security best practices throughout the development lifecycle. Through manual testing, tooling optimization, and vulnerability tracking, you help promote secure coding practices among our developers, ensuring that we meet our customers' security expectations efficiently. Your expertise shapes how we safeguard our applications against evolving threats.

Join Rise to see the full answer
What is the work culture like for a Senior Application Security Engineer at Ivalua?

At Ivalua, the work culture is vibrant and inclusive, particularly for a Senior Application Security Engineer. We emphasize collaboration and creativity, organizing both indoor and outdoor activities to strengthen team bonds. You can expect to be part of an empowering environment that values diversity, fosters innovation, and promotes individual growth while working towards our shared goal of digital transformation in supply chain management.

Join Rise to see the full answer
What are the growth opportunities for a Senior Application Security Engineer at Ivalua?

Growth opportunities for a Senior Application Security Engineer at Ivalua are abundant, thanks to our emphasis on career development and training. You’ll have access to a wealth of resources to enhance your skills and take on leadership roles within your field. By participating in various projects and initiatives, you can contribute to strategic decisions, paving the way for personal growth and career advancement within the organization.

Join Rise to see the full answer
Common Interview Questions for Senior Application Security Engineer
Can you explain your experience with web application penetration testing?

When answering this question, details are essential. Highlight specific projects where you performed penetration testing, the tools you used, and the methodologies you employed. Discuss any impactful vulnerabilities you discovered and how you contributed to remediation efforts, showcasing your analytical and problem-solving skills.

Join Rise to see the full answer
How do you integrate security into the software development life cycle?

Discuss the steps you take to ensure security is integrated from design through to deployment. You might mention practices such as security design reviews, conducting security training for developers, and using automated security tools in the CI/CD pipeline. Providing examples from your previous roles will help illustrate your ability to embed security seamlessly.

Join Rise to see the full answer
What security tools are you most proficient in?

To answer this question effectively, list the application security tools you are familiar with, such as BurpSuite, SQLMap, or Checkmarx. Elaborate on your experiences with each tool, including specific tasks you've accomplished using them and how they contributed to your overall security assessments.

Join Rise to see the full answer
Describe a challenging security vulnerability you encountered and how you resolved it.

Focus on a specific vulnerability you discovered and walk the interviewer through the steps you took to address it. Explain the discovery process, the remediation method you used, and the outcome. This showcases not only your technical skills but also your ability to analyze and resolve complex issues.

Join Rise to see the full answer
How do you stay updated with the latest security threats and vulnerabilities?

Communicate your commitment to continuous learning by mentioning resources like security blogs, forums, conferences, and certifications you follow. Highlight any specific communities or publications you engage with regularly to ensure your knowledge stays relevant in the rapidly changing security landscape.

Join Rise to see the full answer
Can you explain how you would handle a collaboration with developers regarding security best practices?

Describe your approach to fostering open communication and collaboration with developers. Emphasize the importance of mutual understanding in implementing security best practices, possibly sharing experiences where you conducted training sessions or worked on joint projects to embed security awareness within the development team.

Join Rise to see the full answer
What scripting languages do you proficiently use in your security role?

Identify the scripting languages you've used, such as Python or JavaScript, and provide examples of how you've applied them in your security testing efforts. Highlight scripts you’ve written for automation or tool enhancement, demonstrating your technical capabilities.

Join Rise to see the full answer
How would you approach reviewing security audit findings from customers?

Discuss your method for methodically analyzing and interpreting audit findings. Describe how you prioritize remediation tasks based on risk and impact, facilitate discussions with technical teams, and ensure comprehensive follow-ups to verify that issues have been resolved effectively.

Join Rise to see the full answer
What role do you think culture plays in a company's security posture?

Emphasize the intrinsic link between corporate culture and security awareness. Discuss how fostering a security-conscious culture can lead to proactive identification of risks and better adherence to security practices across all departments, making it a holistic approach to safeguarding the organization.

Join Rise to see the full answer
How would you advocate for security best practices in a fast-paced development environment?

Explain your strategies for promoting security within a fast-paced environment, such as embedding security checkpoints in agile ceremonies and leveraging automated tools to minimize disruptions. Discuss how you plan to engage with stakeholders regularly to reinforce the importance of security without slowing down the development process.

Join Rise to see the full answer
Similar Jobs
Photo of the Rise User
Ivalua Remote Montreal, Quebec - Canada
Posted 11 days ago
Photo of the Rise User
Posted 8 days ago
Photo of the Rise User
EVERSANA Hybrid Overland Park, KS, USA
Posted 19 hours ago
Photo of the Rise User
Posted 10 days ago
Photo of the Rise User
Posted 12 days ago
Photo of the Rise User
6sense Remote Bengaluru, Karnataka, India
Posted 11 days ago

All companies want the best and brightest. At Ivalua, we also want team members who have a global point of view and who bring customer-focused enthusiasm and ambition to the table. We are a company of doers, of problem solvers, of figure-it-outers...

85 jobs
MATCH
VIEW MATCH
FUNDING
SENIORITY LEVEL REQUIREMENT
TEAM SIZE
SALARY RANGE
$150,000/yr - $170,000/yr
EMPLOYMENT TYPE
Full-time, hybrid
DATE POSTED
March 12, 2025

Subscribe to Rise newsletter

Risa star 🔮 Hi, I'm Risa! Your AI
Career Copilot
Want to see a list of jobs tailored to
you, just ask me below!
LATEST ACTIVITY
Photo of the Rise User
Someone from OH, Cleveland just viewed Accounting Co-Op (Part-Time) at Avery Dennison
Photo of the Rise User
Someone from OH, North Ridgeville just viewed Product Manager at ShiftCare
Photo of the Rise User
Someone from OH, North Ridgeville just viewed Product Operations at Binance
Photo of the Rise User
Someone from OH, Mentor just viewed Sales & Service Lead - Pinecrest at Alo Yoga
Photo of the Rise User
8 people applied to Excel Developer at Valcre
Photo of the Rise User
Someone from OH, Mason just viewed Marketing & Communications Intern at Per Scholas
Photo of the Rise User
Someone from OH, Lakewood just viewed Recruiter (Talent Sourcing), 6 month contract at Jerry
Photo of the Rise User
Someone from OH, Westerville just viewed Director Change Management at Discover