Senior Application Security Engineer

Job Description

Finalsite is the preferred website, communications, enrollment, and marketing platform of more than 7,000 schools and school districts in 119 countries around the world. The company’s people, products and services transform how schools connect and engage with their community, recruit students and staff, and fundraise; while managing the complex requirements around data privacy, accessibility, hosting and security. Finalsite products and services include award-winning website designs, a robust content management system, mass communications tools, a powerful enrollment management system, innovative inbound marketing tools, data integration, training, support and marketing consulting. Finalsite is headquartered in Glastonbury, CT, USA with employees who work remotely in nearly every state in the U.S. as well as Europe, South America, and Asia. For more information, please visit www.finalsite.com.

VISION

To build innovative solutions that elevate school engagement.

Summary of Responsibility

As an Application Security Engineer, you will be a key member of our security team, focusing on enhancing the security of our software applications. Your primary responsibilities will include conducting manual code reviews, optimizing SAST (Static Application Security Testing) tooling, and providing security training and consulting to our development teams. This role requires a strong background in application security, secure coding practices, and a working knowledge of Ruby on Rails and ColdFusion.

Location

Hybrid / Remote - Anywhere within Krakow, Poland. 

B2B option for this role.

Finalsite is a global company and to enable strong collaboration, we have established common core working hours. Candidates should be comfortable working from 11:00-20:00 CEST, with core working hours being 16:00-19:00 CEST

RESPONSIBILITIES

Perform manual code reviews of applications written in Ruby on Rails, Python, and Java to identify security vulnerabilities and provide detailed remediation guidance.

Optimize SAST tooling to improve the accuracy and efficiency of automated security scans, integrating these tools into our CI/CD pipelines.

Develop and deliver security training programs for developers, focusing on secure coding practices, threat modeling, and application security best practices.

Provide security consulting to development teams, helping them integrate security into their development lifecycle and advising on secure design and architecture.

Collaborate with cross-functional teams to ensure security requirements are understood and implemented across all projects.

Stay current with the latest security trends, vulnerabilities, and technologies, especially those relevant to Ruby on Rails and ColdFusion.

Manage vulnerability reports and coordinate with developers to prioritize and remediate identified issues.

Promote a culture of security awareness and continuous improvement within the organization.

QUALIFICATIONS AND SKILLS

Minimum of 3-5 years of experience in application security, with a strong emphasis on manual code review and SAST tooling.

Proficiency in Ruby on Rails, Python, and javascript, with a deep understanding of secure coding principles and practices.

Experience with SAST tools such as Semgrep, Sonarqube, or Veracode, and the ability to configure and optimize these tools.

Strong communication skills, capable of effectively conveying complex security concepts to technical and non-technical stakeholders.

Proven track record in developing and delivering security training and education for software development teams.

Relevant security certifications (e.g., CISSP, CSSLP, OSCP) are a plus.

Knowledge of ColdFusion is a plus.

RESIDENCY REQUIREMENT

Finalsite offers 100% fully remote employment opportunities, however, these opportunities are limited to permanent residents of Poland. Current residency, as well as continued residency, within Poland is required to obtain (and retain) employment with Finalsite.

DISCLOSURES

Finalsite is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. EEO is the Law. If you have a disability or special need that requires accommodation, please contact Finalsite's People Operations Team. Finalsite is committed to the full inclusion of all qualified individuals. As part of this commitment, Finalsite will ensure that persons with disabilities or special needs are provided a reasonable accommodation. Ensure your Finalsite job offer is legitimate and don't fall victim to fraud. Ask your recruiter for a phone call or other type of verbal communication and ensure all email correspondence is from a finalsite.com email address. For added security, where possible, apply through our company website at finalsite.com/jobs.