Application Security Architect at Bill.com
Posted in Information Technology 11 days ago.
This job brought to you by eQuest
Location: Palo Alto, California
Bill.com is the leading business payments network, with over 2.5 million members paying and getting paid over $50 billion per year. Bill.com saves companies more than 50% of the time typically spent on financial back-office operations by automating end-to-end processes. Bill.com helps businesses connect and do business by tying together finance and accounting programs, banks, customers, vendors, accounting professionals, and documents. The company is the choice of 4 of the top 10 U.S. banks; leading accounting software providers QuickBooks Online and Xero; and over 50 percent of the top 100 U.S. accounting firms. It is the only business payments solution partnered with the American Institute of CPAs (AICPA). The recipient of more than 70 awards, Bill.com proudly received multiple PC Magazine's Editor's Choice Awards and CEO Rene Lacerte was recently recognized as an E&Y Entrepreneur of the Year.
Bill.com is looking for a hands-on, strategic leader to join our technology team as the Application Security Architect. In this capacity, you will define and drive the evolution of our SaaS application’s security architecture and implementation. You will collaborate with PM, Engineering and Operations to lead design and execution of our strategic and tactical security initiatives. You will represent app sec on the Security Council. You will serve as an overall infosec technology expert (particularly on app security) and ensure that security is an integral part of the design and implementation of our product/technology roadmaps.
- Provide hands-on leadership and own overall application security architecture design for Bill.com’s small business focused SaaS-based financial services SaaS product.
- Establish architecture and technology best practices: mentor the technology organization on secure coding methodologies, data security policies and general information security awareness. Raise awareness and raise the game of everybody in technology with respect to infosec.
- Identify security flaws in current code/architecture and provide remediation solutions. For example, educate and design framework-level protection for OWASP top 10 risks (e.g CSRF/XSS etc).
- Integrate security into Bill.com’s SDLC. Provide direction and guidance to Dev, QA and Ops teams on secure application development, testing and deployment strategies. Conduct security design reviews and code reviews of application features and functionality
- Drive execution of security engineering work - remediations, bug fixes, implementation of controls etc.
- Evaluate new and emerging security products and technologies. Develop proofs-of-concept on how Bill.com can leverage these solutions, and provide guidance and recommendations to the team on how to incorporate them into the product to satisfy business needs.
- Enable Bill.com’s journey to the public cloud by designing public cloud compliant application security architecture.
- Contribute to troubleshooting and handling security incidents
- Stay current by researching security standards and best practices, security monitoring systems, encryption technologies, authentication protocols etc.
Professional Experience and Skills:
- Related field or 10+ years of experience in information security (including 5+ years in application security and prior experience as an application/platform developer). Broad knowledge of security best practices and application security techniques.
- Possess both deep and broad technical knowledge across a range of security areas. Proven expertise leading application security architecture and secure application development.
- Expertise in securing applications and services in both, on-prem and public cloud models.
Industry standard certifications, including one or more of the following: CISSP, CISA, CCSP etc.
- Strong knowledge of information security standards (e.g ISO 27001/27002)
- Strong working knowledge of Java and modern client-side UI frameworks, and a technical understanding of how to protect applications from common attack vectors and vulnerabilities
- Working knowledge of network/infrastructure security technologies (firewall, access control, intrusion detection, intrusion prevention, administrative access control)
- Strong verbal and written communication skills. Be a strong people leader - must be able to lead the and influence cross-functional leaders and executives
- Experience working in a fast-moving, small-company environment.
- Humble – No ego
- Fun – Celebrate the moments
- Authentic – We are who we are
- Passionate – Love what you do
- Dedicated – To each other and the customer