Ivalua

About the Company

We are a leading provider of cloud-based Spend Management software. Our complete, unified platform empowers businesses to effectively manage all categories of spend and all suppliers, increasing profitability, improving ESG performance, lowering risk, and improving employee productivity. We are trusted by hundreds of the world's most admired brands and recognized as a global leader by renowned industry analysts. Learn more at www.ivalua.com. Follow us on LinkedIn and Twitter.

Listed Jobs

Company Name

Ivalua

Job Title

Senior Security Analyst - GRC

Job Description

Massy, France

Hybrid

Senior

17-10-2025

Company Name

Ivalua

Job Title

Senior Application Security Engineer

Job Description

**Job title:** Senior Application Security Engineer **Role Summary:** Lead application security within a SaaS environment, enhancing SSDLC processes, performing manual and automated web application penetration testing, and guiding secure code practices for R&D teams. **Expectations:** - Ensure the SaaS platform meets industry security standards and customer requirements. - Deliver actionable remediation plans and track progress in dashboards. - Advocate secure coding throughout the development lifecycle. **Key Responsibilities:** - Conduct manual web‑application penetration tests on SaaS and corporate web services. - Optimize SAST, DAST, SCA, and other security tooling to minimize false positives/negatives. - Develop and maintain automation scripts to bridge scanning gaps. - Serve as primary contact for technical audit findings and customer security engagements. - Lead security design reviews and testing for major product changes. - Analyze, report, and track vulnerabilities from audits, customer reports, and internal sources. - Provide guidance to developers on corrective action aligned with security standards. - Contribute to developer security training and secure development guidelines. - Stay current on emerging threats, vulnerabilities, and security tools. **Required Skills:** - 5–7+ years of application security experience, integrating security into SDLC. - Proficiency in scripting (Python, JavaScript) and query languages (SQL). - Hands‑on with BurpSuite, SQLMap, Invicti, Checkmarx, or equivalent. - Ability to manage multiple tasks, prioritize, and meet deadlines. - Excellent communication, collaboration, and initiative. **Required Education & Certifications:** - Bachelor’s degree in Computer Science, Information Security, or related field (preferred) or equivalent experience. - Advanced degree acceptable with ≥5 yrs experience. - Offensive Security qualification (OSCP, OSWE, GPEN, etc.) or active pursuit of one is preferred.

New york, United states

Hybrid

Senior

19-10-2025

Company Name

Ivalua

Job Title

Senior Offensive Security Engineer – Infrastructure & Cloud (Senior Security Engineer)

Job Description

**Job Title** Senior Offensive Security Engineer – Infrastructure & Cloud (Senior Security Engineer) **Role Summary** Lead the design, implementation, review, and monitoring of technical security controls for a cloud‑based procurement platform’s hosting, corporate infrastructure, and networks. Conduct vulnerability management, penetration testing, incident response, and compliance support, while acting as the primary SME for infrastructure and cloud security. **Expectations** - Minimum 5 years of hands‑on experience in infrastructure/network security engineering and architecture. - Minimum 5 years of hands‑on network and/or cloud penetration testing. - Strong scripting skills (Python, PowerShell). - Proficiency with Azure services (EntraID, Key Vault, Sentinel, NSG, firewall). - Knowledge of CNAPP, CSPM, MDM, IAM, DDoS, Active Directory, cryptography, and security incident response. - Ability to collaborate across IT, R&D, SOC, and GRC teams, manage multiple priorities, and meet deadlines. **Key Responsibilities** - Perform technical security design, architecture, change, and configuration audits/reviews of Azure cloud environments, servers, network devices, endpoints, and security technologies (CNAPP, MDM, WAF, DDoS). - Serve as SPOC for vulnerability management: scanning, third‑party penetration testing, red teaming, analysis, and retesting of findings. - Collaborate with SOC to enhance detection and response processes and capabilities. - Support security initiatives for Azure environments: EntraID Conditional Access, CSPM, Infrastructure‑as‑Code, NSG rule reviews. - Provide technical support to GRC on compliance initiatives (FedRAMP, PCI, NIST 800‑53 r5, IRAP, SANS CIS 20) and answer technical security questions from customers and prospects. - Act as SME on infrastructure and cloud security, share knowledge, and collaborate with internal teams to improve architecture and operational efficiencies. **Required Skills** - Infrastructure & network security engineering/architecture (CNAPP, CSPM, MDM, IAM, DDoS). - Network and cloud penetration testing. - Scripting (Python, PowerShell). - Active Directory concepts, protocols, hardening. - Cryptography (algorithms, protocols, key/certificate management). - Azure security services (EntraID, Key Vault, Sentinel, NSG, firewall). - Security incident response and investigation. - Familiarity with security standards/compliance: OWASP, NIST, FedRAMP, PCI, SANS CIS 20. - Strong collaboration, multitasking, and deadline‑management skills. **Required Education & Certifications** - Bachelor’s degree in a related field or equivalent professional experience. - Evidence of or pursuit of security certifications such as OSCP, eJPT, AZ‑500, GIAC GPEN, or comparable credential.

Fremont, United states

Hybrid

Senior

19-10-2025

Company Name

Ivalua

Job Title

Sr Security Analyst (SOC)

Job Description

**Job Title** Sr Security Analyst (SOC) **Role Summary** Lead the global Security Operations Center (SOC) as the highest technical authority. Drive SOC strategy, incident response, and continuous improvement of processes, tools, and metrics to protect the organization’s information assets across all regions. **Expectations** - Serve as the primary technical liaison for SOC, infrastructure, Infosec, and cybersecurity teams. - Mentor junior analysts, set best‑practice standards, and act as the escalation point for all SOC incidents. - Own end‑to‑end SOC operations, ensuring rapid detection, analysis, and resolution of security events. **Key Responsibilities** - Develop, implement, and refine SOC strategy and operating procedures for a multi‑region environment. - Manage day‑to‑day incident detection, triage, containment, investigation, and reporting. - Design and maintain event‑log collection and SIEM tuning to detect anomalous user and software behavior. - Contribute to threat intelligence activities, vulnerability management, and security posture improvement. - Lead and coordinate global incident remediation, track GAP closure, and produce executive dashboards/KPIs. - Collaborate on the selection, deployment, and continuous enhancement of SOC tools (SIEM, EDR, vulnerability scanners). - Ensure compliance with security policies, industry standards, and regulatory requirements (GDPR, HIPAA, SOC, FedRAMP, etc.). - Preserve SOC knowledge bases and documentation for operational knowledge transfer. **Required Skills** - Minimum 7 years of progressive IT security experience focused on SOC (analyst, senior analyst, lead). - Strong understanding of operating systems, networking, and security architecture. - Expertise in SIEM platforms (MS Sentinel, ELK, Q‑Radar, Splunk, AlienVault, etc.). - Hands‑on experience with EDR solutions (Microsoft Defender, CrowdStrike, etc.). - Familiarity with vulnerability scanning tools (Rapid7, Nessus, or equivalent). - Analytical mindset, attention to detail, autonomy, and problem‑solving. - Excellent written and verbal communication; ability to translate technical findings to business stakeholders. - Proven mentorship and leadership in a fast‑paced, global team environment. **Required Education & Certifications** - Bachelor’s degree in Information Security, Computer Science, or related field with ≥7 years experience; OR Master’s degree with ≥5 years experience; OR equivalent education‑experience combination. - Security certifications preferred: CSA, CySA+, CISSP, GCIA, CEH, or equivalent.

Pittsburgh, United states

Hybrid

Senior

23-10-2025