Sr. Application Security Engineer

Who are we?

Buyers Edge Platform stands at the forefront of revolutionizing the foodservice industry through technology, purchasing power and partnerships. We are dedicated to empowering stakeholders across the entire foodservice ecosystem (operators, distributors, manufacturers) with efficiency and unprecedented visibility. With a diverse portfolio of over a dozen brands, our mission is clear: to reduce costs, streamline the foodservice supply chain, and propel the industry from manual to automated.  

Today, we are one of the largest players in foodservice, with over 200K operator locations across North America and over $50 billion of aggregated spend volume. Our commitment to foodservice excellence is proven in four distinct areas of value: Digital Procurement Network, Fresh Solutions, Supply Chain Management, and Software. Buyers Edge Platform is not just a provider – we are a strategic partner on the journey towards a more efficient, connected, and automated future for the foodservice industry.

This position is remotely based, or it can also be hybrid out of one of our offices. We are unable to offer work sponsorship for this role. 

We are seeking a Sr. Application Security Engineer to improve the security posture of our applications to protect business value and establish confidence with our customers that share their confidential data with the platform.

Your impact:

• Secure Code Review:
  • Perform code reviews and static analysis on applications written in various programming languages (e.g., Java, Python, C#, JavaScript, etc.).
  • Identify and mitigate security vulnerabilities, such as injection flaws, broken authentication, sensitive data exposure, and others.
  • Provide guidance to development teams on secure coding practices and remediation strategies.
• Penetration Testing:
  • Plan, execute, and document penetration testing activities on web applications, mobile apps, and other software systems.
  • Utilize a wide range of tools and techniques to identify and exploit vulnerabilities.
  • Provide detailed reports and recommendations for risk mitigation and security improvements.
• Threat Modeling:
  • Collaborate with development teams to understand application architectures and data flows.
  • Conduct threat modeling exercises to identify potential security risks and attack vectors.
  • Provide guidance on secure design principles and risk mitigation strategies.
• Security Architecture Review:
  • Evaluate the security architecture of applications and infrastructure components.
  • Assess the implementation of security controls, such as authentication, authorization, cryptography, and secure communications.
  • Provide recommendations for improving the overall security posture and compliance with industry standards and regulations.
• Security Automation:
  • Develop and maintain security automation tools and scripts to streamline security testing and analysis processes.
  • Contribute to the continuous integration and deployment (CI/CD) pipeline by integrating security testing and reporting.
• Training and Mentoring:
  • Develop and deliver security awareness training programs for development teams.
  • Mentor junior security professionals and share knowledge and best practices across the organization.

About you:

• Bachelor's degree in Computer Science, Cybersecurity, or a related field, or equivalent work experience.
• Minimum of 5 years of experience in application security or a related field.
• Strong understanding of web application security principles, including OWASP Top 10, secure coding practices, and security testing methodologies.
• Proficiency in multiple programming languages and familiarity with various technology stacks.
• Experience with penetration testing tools (e.g., Burp Suite, OWASP ZAP, Nmap, Metasploit) and vulnerability assessment frameworks.
• Knowledge of secure design principles, threat modeling techniques, and security architecture review processes.
• Familiarity with security automation tools and scripting languages (e.g., Python, Bash, PowerShell).
• Strong analytical, problem-solving, and communication skills.
• Ability to work independently and as part of a team in a collaborative environment.
• Commitment to continuous learning and staying up-to-date with emerging security threats and best practices.

What's in this for you?

Amazing coverages to start. Medical, dental, and vision coverages are just the beginning! We also offer ancillary plans, such as flexible spending accounts for both health and dependent care, critical illness, accident, and voluntary life as well as company paid life and long-term-disability plans! On top of this, we also offer a 401(k) plan with company match.

Invest in your success. We will provide you with a thorough training and development program; and offer competitive compensation.

Live well = Work well. Relax with our Personal Responsibility Paid Time Off policy where you don’t have to accrue time off in order to take it! We also offer half-day Summer Fridays!