Application Security Engineer

📋 Description

• • Infiterra Inc. is at the forefront of revolutionizing the subscription economy, empowering IT Distributors and Managed Service Providers (MSPs) with a cutting-edge B2B SaaS platform designed to automate and accelerate their subscription-based businesses. With a robust global presence, serving over 100 customers across 75 countries, Infiterra is recognized for its innovative solutions and significant international impact. We are a rapidly growing company, fueled by a passion for simplifying subscription service delivery and fostering a dynamic, forward-thinking environment where collaboration and continuous growth are paramount. As we expand, we are seeking a highly skilled and motivated Application Security Engineer to join our dedicated team and play a pivotal role in embedding security deeply within our software development lifecycle (SDLC).
• • This is a unique opportunity to move beyond traditional security roles and become an integral part of our engineering culture. You will be instrumental in ensuring that security is not an afterthought but a fundamental aspect of how we design, build, and operate our software. Your primary focus will be to collaborate closely with our product and engineering teams, proactively identifying potential risks at the earliest stages of development, championing secure-by-design principles, and consistently elevating our overall application security posture. This role is inherently hands-on, requiring you to be deeply integrated with our code, architecture, and the entire SDLC, making a tangible impact on the security and resilience of our platform.
• • Your responsibilities will span across the entire software development lifecycle. You will integrate security activities seamlessly into all phases, from initial requirements gathering and design to implementation, rigorous testing, deployment, and ongoing maintenance. A key aspect of your role will involve partnering closely with our engineering teams to ensure that secure development practices are not just understood but consistently applied across all projects. You will be responsible for reviewing the security controls for all new features, services, and significant architectural changes, providing expert guidance and validation.
• • A significant part of your contribution will be in conducting comprehensive threat modeling sessions, utilizing methodologies like STRIDE, for both new and existing systems. This will involve meticulously identifying potential threats, mapping out attack paths, pinpointing misconfigurations, and flagging insecure design patterns. You will work collaboratively with engineers to ensure that all systems are built with secure-by-design principles at their core, fostering a proactive security mindset.
• • Furthermore, you will perform in-depth, security-focused code reviews to identify vulnerabilities, risky implementations, and deviations from secure coding standards. Your role will extend to providing clear, actionable guidance to developers on secure coding patterns and best practices, helping them to write more secure code from the outset. You will also be tasked with assessing application and system architectures from a security perspective, identifying potential weaknesses and recommending robust security enhancements.
• • In terms of security testing and tooling, you will conduct both manual and automated web application security testing, focusing on common vulnerability classes such as injection flaws, authentication and authorization issues, access control gaps, insecure configurations, and business logic flaws. You will be responsible for operating, tuning, and continuously improving our suite of AppSec tooling, including SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), SCA (Software Composition Analysis), secrets scanning, and dependency scanning. A crucial element of this will be integrating and automating these security checks within our CI/CD pipelines, ensuring that security is a continuous part of our delivery process. You will also be proactive in identifying gaps in our existing tooling and recommending or introducing new solutions to enhance our capabilities.
• • In the event of application security incidents or vulnerability disclosures, you will provide essential support to our engineering teams. This includes contributing to the triage process, assessing the impact of identified vulnerabilities, and participating in root cause analysis. Critically, you will ensure that lessons learned from incidents are effectively fed back into our design processes, tooling improvements, and overall security practices, creating a cycle of continuous improvement.
• • Finally, you will play a vital role in security awareness and enablement within the engineering organization. You will empower engineers through targeted training sessions, comprehensive documentation, and hands-on guidance. Your goal will be to create and maintain clear, accessible secure coding guidelines, checklists, and internal resources that developers can easily reference. You will act as a trusted security partner, fostering a collaborative relationship where security is seen as an enabler, not a blocker, to innovation and delivery.