Senior Security Engineer

We are seeking an experienced Senior Software Security Engineer to lead efforts in securing our SaaS application, ensuring application integrity, and protecting sensitive data hosted within AWS environments. The ideal candidate will work closely with development teams throughout the development process, conducting thorough code reviews and manual runtime testing to audit and certify changes before release as part of a critical quality gate. Advanced expertise in the MERN stack (MongoDB, Express, React, NodeJS), deep knowledge of web protocols, application architecture, and robust networking concepts like DNS and HTTPS are essential. Given the close collaboration with engineers, prior experience as a MERN stack developer is required to effectively bridge security and development workflows.
*FloQast is headquartered in Los Angeles, CA and we are seeking US Based REMOTE Engineers.
*Visa sponsorship is NOT available at this time

What You'll Do

• Code Security Leadership: Drive and own the strategic security roadmap for code integrity across development teams, setting and enforcing enterprise-wide standards.
• Quality Gate Ownership: Design and enforce security quality gates, conducting rigorous code reviews, manual runtime testing, and automated scans to certify feature releases.
• Vulnerability Management: Spearhead vulnerability triage processes, collaborating with bug bounty researchers and prioritizing remediation based on risk, severity, and business impact.
• Engineering Collaboration: Partner with engineering leadership to embed secure coding practices, mentor developers, and drive the resolution of complex security issues, leveraging past MERN stack development experience to guide secure implementation.
• Advanced Security Testing: Design and execute comprehensive security testing, including penetration testing, vulnerability analysis, and audits for new features, ensuring compliance with security requirements before production deployment.
• HTTP Protocol Mastery: Apply expert-level knowledge of HTTP to secure and optimize requests and responses, including headers, cookies, and caching mechanisms.
• Networking Expertise: Leverage in-depth understanding of networking concepts (DNS, HTTPS, firewalls) to architect secure application communication.
• Browser Security Leadership: Drive the implementation of advanced browser security mechanisms, such as Content Security Policy (CSP), CORS, and secure cookie handling.
• Incident Response Leadership: Lead investigations into complex security incidents, performing root cause analysis and implementing robust preventative measures.
• Security Documentation: Author and maintain comprehensive security documentation, including policies, procedures, and system configurations, to support compliance and operational excellence.

What You'll Bring

• Prior experience as a MERN stack developer, with hands-on expertise in building and maintaining applications using MongoDB, Express, React, and NodeJS.
• Extensive experience with the MERN stack (MongoDB, Express, React, NodeJS) and securing applications in AWS environments.
• Proven expertise in managing DAST/SAST tools and handling vulnerability reports from bug bounty programs.
• Advanced knowledge of HTTP protocols, including headers, cookies, and browser behaviors.
• Deep expertise in software security principles, secure development practices, and modern web technologies (REST APIs, JSON, OAuth).
• Strong proficiency in networking fundamentals, including DNS, HTTPS, and TCP/IP.
• Demonstrated ability to identify and mitigate advanced security vulnerabilities (e.g., OWASP Top 10 and beyond).
• Extensive experience with security testing tools like Burp Suite or similar.
• Exceptional problem-solving, analytical, and leadership skills with a focus on detail and impact.

Preferred Qualifications

• Certifications such as CISSP, CEH, or Offensive Security certifications (OSCP, OSWA, OSWE).
• PortSwigger Academy Certification and/or significant experience with their labs.
• Extensive experience with HackTheBox or similar advanced security labs.
• Deep expertise in cloud security, particularly within AWS, including secure architecture design.
• Familiarity with compliance frameworks (e.g., GDPR, PCI-DSS, SOC 2).
• Experience mentoring junior engineers or leading security training initiatives.

#BI-Remote
#LI-Remote
#LI-JR1
This job posting is for our Senior Security Engineer, the base pay range for this position is $144,000 - $216,000.  Compensation is not limited to base salary. FloQast values our Total Rewards, and offers a competitive and elaborate Benefits Package including, but not limited to, Medical, Dental, Vision, Family Forming benefits, Life & Disability Insurance, Unlimited Vacation, and participation in our Employee Stock Program. FloQast reserves the right to amend, change, alter, and revise pay ranges and benefits offerings at any time. All applicants acknowledge that by applying to this position you understand that this specific pay range is contingent upon meeting the qualifications and requirements of the role, and for the successful completion of the interview selection and process. It is at the Company's discretion to determine what pay is provided to a candidate within the range associated with the role.
About FloQast:FloQast is the leading Accounting Transformation Platform in accounting workflow automation created by actual former accountants for accountants. By streamlining and modernizing daily accounting tasks, FloQast helps teams collaborate more effectively and complete their work with greater efficiency and precision. This cloud-based, AI-powered software is trusted by over 3,000 accounting teams, including those at Snowflake, Twilio, Instacart, and The Golden State Warriors—and continues to grow. Our mission is to continuously elevate the accounting profession, enhancing both its practice and perception.
Our values act as a guiding compass, shaping every decision we make, and are non-negotiable, particularly in our hiring process. Alongside our employees, partners, and customers, we embody these values every day:Unwaveringly Authentic Ambitious with IntegrityEmpowered to GrowCommitted to CollaborationCustomer Obsessed in All Ways
Here’s Why You Should Apply- What is engineering working on? Our FQ Engineering Blog showcases a number of our recent efforts straight from the engineers working on them. Check it out!
FloQast is regularly rated as a Best Place to Work!- Inc. Magazine’s Best Workplaces in 2024, 2023, 2022, and 2021- Best Places to Work by LA Business Journal since 2017 (that’s 8 years!)- Built In’s ​​Best Place to Work in Los Angeles 6 years in a row!
Because we are Customer Obsessed in All Ways, check out what our customers have to say about FloQast on G2 Crowd. 
If this aligns closely with what you are looking for, hit “Apply” and come join our growing team!
FloQast, Inc is committed to operating fair and unbiased recruitment procedures allowing all applicants an equal opportunity for employment, free from discrimination on the basis of religion, race, sex, age, sexual orientation, disability, color, ethnic or national origin, or any other classification as may be protected by applicable law. We aim to recruit the right people for the jobs we have to offer, and to assess applications on the basis of relevant skills, education, and experience. We welcome people of different backgrounds, experiences, abilities, and perspectives. We are an equal opportunity employer and strive to provide a professional and welcoming workplace for all employees.