This job listing has expired and the position may no longer be open for hire.

Application Security Architect at

Posted in Information Technology 30+ days ago.

This job brought to you by eQuest

Type: Full-Time
Location: Palo Alto, California

Job Description:


About is the leading business payments network, with over 2.5 million members paying and getting paid over $50 billion per year. saves companies more than 50% of the time typically spent on financial back-office operations by automating end-to-end processes. helps businesses connect and do business by tying together finance and accounting programs, banks, customers, vendors, accounting professionals, and documents. The company is the choice of 4 of the top 10 U.S. banks; leading accounting software providers QuickBooks Online and Xero; and over 50 percent of the top 100 U.S. accounting firms. It is the only business payments solution partnered with the American Institute of CPAs (AICPA). The recipient of more than 70 awards, proudly received multiple PC Magazine's Editor's Choice Awards and CEO Rene Lacerte was recently recognized as an E&Y Entrepreneur of the Year.

Mission: is looking for a hands-on, strategic leader to join our technology team as the Application Security Architect. In this capacity, you will define and drive the evolution of our SaaS application’s security architecture and implementation. You will collaborate with PM, Engineering and Operations to lead design and execution of our strategic and tactical security initiatives. You will represent app sec on the Security Council. You will serve as an overall infosec technology expert (particularly on app security) and ensure that security is an integral part of the design and implementation of our product/technology roadmaps.


  • Provide hands-on leadership and own overall application security architecture design for’s small business focused SaaS-based financial services SaaS product.

  • Establish architecture and technology best practices: mentor the technology organization on secure coding methodologies, data security policies and general information security awareness. Raise awareness and raise the game of everybody in technology with respect to infosec.

  • Identify security flaws in current code/architecture and provide remediation solutions. For example, educate and design framework-level protection for OWASP Top 10 risks (e.g., CSRF, XSS).

  • Integrate security into’s SDLC. Provide direction and guidance to Dev, QA and Ops teams on secure application development, testing and deployment strategies. Conduct security design reviews and code reviews of application features and functionality.

  • Drive execution of security engineering work - remediations, bug fixes, implementation of controls etc.

  • Evaluate new and emerging security products and technologies. Develop proofs-of-concept on how can leverage these solutions, and provide guidance and recommendations to the team on how to incorporate them into the product to satisfy business needs.

  • Enable’s journey to the public cloud by designing public cloud compliant application security architecture.

  • Contribute to troubleshooting and handling security incidents.

  • Stay current by researching security standards and best practices, security monitoring systems, encryption technologies, authentication protocols etc.

Professional Experience and Skills:

  • Related field or 10+ years of experience in information security (including 5+ years in application security and prior experience as an application/platform developer). Broad knowledge of security best practices and application security techniques.

  • Possess both deep and broad technical knowledge across a range of security areas. Proven expertise leading application security architecture and secure application development.

  • Expertise in securing applications and services in both on-prem and public cloud models.

  • Deep understanding of the SaaS domain from a security perspective: HTTP/HTTPS protocols; servlets and Java app servers; client-side technologies (modern JavaScript frameworks and their security posture); REST APIs; secure cookie usage; tradeoffs in hosting strategies (public vs. private cloud); big data implications (data science, machine learning).

  • Industry standard certifications, including one or more of the following: CISSP, CISA, CCSP, etc.

  • Strong knowledge of information security standards (e.g., ISO 27001/27002).

  • Strong working knowledge of Java and modern client-side UI frameworks, and a technical understanding of how to protect applications from common attack vectors and vulnerabilities

  • Working knowledge of network/infrastructure security technologies (firewall, access control, intrusion detection, intrusion prevention, administrative access control)

  • Strong verbal and written communication skills. Be a strong people leader - must be able to lead the and influence cross-functional leaders and executives

  • Experience working in a fast-moving, small-company environment.

Culture:

  • Humble – No ego

  • Fun – Celebrate the moments

  • Authentic – We are who we are

  • Passionate – Love what you do

  • Dedicated – To each other and the customer