Description

As an Application Security Engineer, you will play a critical role in safeguarding the security of our software products and development lifecycle. This role focuses on managing and optimizing code scanning tools, identifying vulnerabilities, and ensuring secure coding practices are embedded into every stage of software development. You will collaborate with engineering teams to provide actionable security guidance, design metrics to measure security effectiveness, and create strategies to continuously improve application security. By integrating cutting-edge tools and techniques, you will ensure that our applications meet the highest standards of security and resilience, ultimately protecting the organization and its users from emerging threats. Key Responsibilities Manage and optimize code scanning tools (e.g., SAST, DAST) to detect and remediate security vulnerabilities. Provide security guidance and best practices to engineering teams throughout the software development lifecycle. Design, maintain, and report on application security metrics and dashboards to track progress and effectiveness. Perform security assessments, including threat modeling and architecture reviews for new features and applications. Collaborate with DevOps and CI/CD teams to integrate security tools seamlessly into development pipelines. Stay up-to-date on the latest security threats, vulnerabilities, and remediation strategies to evolve application security practices. Deliver secure coding training and resources to engineering teams to foster a security first culture. Own and lead the Security Champions program to drive secure practices and cross-functional engagement. Things You Will Need to Be Successful in This Role Typically requires a Bachelor's degree in a technical field such as Computer Science, Information Security, Information Technology or equivalent experience and may require up to 2 years of related experience; or an advanced degree without experience. Proficiency with code scanning tools (e.g., SAST, DAST) Deep understanding of secure coding practices and standards (e.g., OWASP Top Ten). Hands-on experience with programming languages such as Python, Java, JavaScript, or C#. Familiarity with CI/CD pipelines and integrating security tools into DevOps workflows. Strong analytical skills to interpret scan results and prioritize remediation efforts. Certifications (Preferred): CSSLP or relevant security certifications. Excellent communication and collaboration skills to work effectively with cross-functional teams. A proactive and detail-oriented mindset to identify and mitigate risks early in the development lifecycle. Health & Wellness Hybrid Work Opportunities

Flexible Time Off

Career Development & Mentoring Programs

Health & Wellness Benefits, including competitive health insurance offerings and generous paid parental leave for eligible new parents

Community Volunteering & Company Philanthropy Programs

Employee Peer Recognition Programs – “You Earned it”

Click to find out more about the benefits we offer. How We Give Back to the Community: You can learn more about our Q2 Spark Program, Q2 Philanthropy fund, and our employee volunteering programs on our . Q2 supports dozens of wide-reaching organizations, such as the , and , promoting diversity and success in leadership and technology. Other deserving beneficiaries include helping LGBTQ communities, , and , a group helping veterans rebuild their lives with specially adapted homes.