Senior Application Security Engineer

GlossGenius is building an ecosystem enabling entrepreneurs to succeed. We empower small business owners to focus on being creators, not admins, by offering a range of business management tools including booking and scheduling, marketing, analytics, payment processing and much more.

Over 100,000 small business owners have chosen to rely on GlossGenius every day to run their entire set of business operations. Joining its powerful, intuitive platform with its vibrant, distinguished brand, GlossGenius is the ideal combination of a fintech, SMB software, and consumer company all in one.

We are hiring a Senior Application Security Engineer to join our Foundations Engineering team at GlossGenius. In this role, you'll play a critical role in shaping the security of our entire product portfolio. This is a high-visibility position where you'll act as a frontline security voice for our engineering and product teams. You’ll work closely with engineers and product managers to ensure security is a core part of how we build, from the very first design discussions.

This role can be based remotely in or near the Greater Toronto Area.

• Design Review: You'll act as the initial security point of contact for engineering and product teams. You will conduct security-focused architectural reviews and threat modeling to identify and address vulnerabilities, working directly with development teams to find and fix issues.
• Policy & Process Adjustments: You will contribute to the development of our security policies and standards. This includes creating secure coding guidelines, building automated tools to prevent common security issues, and collaborating with development teams to embed security into CI/CD pipelines.
• Vulnerability Management: Own our end-to-end vulnerability management program. This includes deploying scanning tools across our engineering organization, triaging security vulnerabilities, and supporting the ongoing development of the program's tools and processes to prevent common security issues.
• Vendor Evaluation: Help improve our security program by evaluating new security vendors. This includes running evaluations, coordinating demos, piloting tools internally, and making recommendations on which solutions best fit our needs.

• 5+ years of experience in application or product security roles, preferably in high-growth, cloud-native environments
• Strong ability to collaborate effectively with software development teams
• Experience performing architecture reviews/threat models for custom software
• Excellent communication skills, both written and verbal, with the ability to clearly explain complex topics
• Familiarity with common security libraries and tools, such as static analysis and penetration testing tools
• Understanding of common security vulnerabilities and mitigation strategies (e.g., OWASP Top 10)
• Basic development or scripting skills
• Fundamental knowledge of network and web protocols (e.g., TCP/IP, HTTP, HTTPS)
• Willingness to participate in on-call rotations as needed
• A proactive approach to managing projects from start to finish with a focus on outcomes
• Flexible PTO
• Competitive health & dental insurance options, with premiums covered by GG
• Generous, fully-paid parental leave policy
• Retirement Savings Plan
• Professional Development - yearly stipend for approved learning and educational-related expenses
• Home office support
• Team Bonding opportunities - as a distributed team, opportunities to gather in person throughout the year

At GlossGenius, we celebrate our differences and are committed to creating a workplace where all employees feel supported and empowered to do their best work. We believe this benefits not only our employees but our product, customers, and community as well. GlossGenius is proud to be an Equal Opportunity and Affirmative Action Employer.