Ivalua

Senior Application Security Engineer

Hybrid

New York, United States

$190,000/year

Senior

Full Time

19-10-2025


Skills

Communication, Creativity, Python, JavaScript, SQL, Penetration Testing, Security Testing, Problem-solving, Training, Architecture, Programming, Software Development, SDLC, Organizational Skills

Job Specifications

(Pittsburgh, PA; New York City, NY; Fremont, CA)

Founded in 2000, Ivalua is a leading global provider of cloud-based procurement solutions.

Company Overview

At Ivalua we are a global community of exceptional professionals, who believe that digital transformation revolutionizes supply chain sustainability and resiliency to unlock the power of supplier collaboration. We achieve this through our leading cloud-based spend management platform that empowers hundreds of the world's most admired brands to effectively manage all categories of spend and all suppliers to increase profitability, improve ESG (environmental, social, and corporate governance) performance, lower risk, and improve productivity. Driven by our passions and fueled by our shared ambitions, we empower and challenge each other to create meaningful experiences for our colleagues, customers, partners, and communities.

Learn more at www.ivalua.com. Follow us on LinkedIn

THE OPPORTUNITY

CONTEXT: You will be part of the InfoSec team with a mission to build, maintain, and continuously improve our Information Security program, providing peace of mind and assurance of protection and safety to our customers. Our team is hands-on, with a strong problem-solving mindset, capable of thinking holistically about implementation and providing solutions to address our customers' long-term challenges. We work hard and play hard, enjoying various indoor and outdoor activities organized by the company, allowing you to focus, collaborate, and unleash your creativity.

ROLE: We are currently seeking a Senior Application Security Engineer to help secure Ivalua's SaaS application product and corporate internet-facing applications. This role involves enhancing the SSDLC process, maintaining and improving automated vulnerability scans, performing manual security testing at the application layer, orchestrating remediation plans, and tracking vulnerability remediation progress through reports and dashboards. Additionally, the Senior AppSec Engineer will contribute to the deployment and continuous improvement of the Secure Architecture & Software Development program to ensure the security of Ivalua's SaaS platform.

What You Will Do With Us

Perform manual web application penetration testing on the Ivalua SaaS application product and web services, as well as on critical or internet-facing corporate web applications
Enhance/Optimize the application security tooling scanning configurations (SAST, DAST, SCA) to reduce false positives/negatives
Write and maintain in-house automated scripts to complement the scanning tool gaps and industrialize the manual security tests
Act as the main POC for analyzing, discussing and reviewing the technical audit findings from US customers
Advocate and support the implementation of security best practices as part of the development lifecycle within the R&D department including security design reviews and security testing of major product changes or enhancements
Support the analysis, reporting, tracking and retesting of security vulnerabilities reported through multiple sources (customer, internal and external audits) and provide guidance to developers to fix these in a manner consistent with Ivalua standards
Contribute to developing, enhancing, maintaining and delivering a developer security training program, and maintain secure development guidelines
Act as one of the SMEs on application security and stay apprised of new vulnerabilities, threats, risks, tools and techniques

YOUR PROFILE

If you have the experience and strengths below, this role could be for you.

Skills And Experience

Bachelor's degree in relevant field preferred with a minimum of 7 years of relevant professional experience, OR Master's degree in relevant field with a minimum of 5 years of relevant professional experience, OR Equivalent combination of education and experience
Proven practical experience in integrating security as part of SDLC (security by design, security code reviews, security tests etc.)
Highly proficient in scripting, client-side programming and query languages (such as Python, JavaScript, SQL)
Experience with the industry-recognized application security tools (BurpSuite, SQLMap, Invicti, Checkmarx etc.)
An Offensive Security qualification, or evidence of starting to work towards one (e.g. OSCP, OSWE, GPEN, GWAPT, CPTS, Hack-the-Box labs, root-me challenges or similar), is preferred but not required
Ability to handle multiple tasks, prioritize and meet deadlines

Soft Skills

Excellent interpersonal, communication and organizational skills
Team player with the ability to interface effectively with a broad range of individuals
High degree of initiative, dependable and able to work well with limited supervision

What Happens Next

If your application fits this specific position's needs, our skilled Talent team will reach out to schedule an initial screening call. Get one step closer to achieving your goals - apply today!

Our Talent team will guide you through every step of th

About the Company

We are a leading provider of cloud-based Spend Management software. Our complete, unified platform empowers businesses to effectively manage all categories of spend and all suppliers, increasing profitability, improving ESG performance, lowering risk, and improving employee productivity. We are trusted by hundreds of the world's most admired brands and recognized as a global leader by renowned industry analysts. Learn more at www.ivalua.com. Follow us on LinkedIn and Twitter.