Senior Application Security Engineer

Flexera saves customers billions of dollars in wasted technology spend. A pioneer in Hybrid ITAM and FinOps, Flexera provides award-winning, data-oriented SaaS solutions for technology value optimization (TVO), enabling IT, finance, procurement and cloud teams to gain deep insights into cost optimization, compliance and risks for each business service. Flexera One solutions are built on a set of definitive customer, supplier and industry data, powered by our Technology Intelligence Platform, that enables organizations to visualize their Enterprise Technology Blueprint™ in hybrid environments—from on-premises to SaaS to containers to cloud.

We’re transforming the software industry.  We’re Flexera.  With more than 50,000 customers across the world, we’re achieving that goal. But we know we can’t do any of that without our team.  Ready to help us re-imagine the industry during a time of substantial growth and ambitious plans?  Come and see why we’re consistently recognized by Gartner, Forrester and IDC as a category leader in the marketplace. Learn more at flexera.com

As a Senior Application Security Engineer, you will be a cornerstone of our Global Product Security organization. We don't just "check boxes"—we build paved roads. You will be responsible for securing a massive ecosystem that spans legacy on-prem C++ and C# applications to modern, cloud-native SaaS solutions built on Python, Go, and React. Your mission is to shift security left by empowering developers, not by being a bottleneck.

 

Key Responsibilities

• Secure Software Development Lifecycle (SSDLC): Design and integrate security gates into diverse CI/CD pipelines. You’ll be responsible for making SAST/DAST/SCA results actionable for developers across different tech stacks.

• Strategic Threat Modeling: Lead deep-dive threat modeling sessions for high-risk features. You should be able to visualize attack vectors for both a monolithic C# app and a distributed React/Go architecture.

• Security Research & Remediation: Conduct targeted manual code reviews and internal penetration tests. When a vulnerability is found, you don't just drop a report; you provide the "Gold Standard" fix or library.

• Vulnerability Management: Triage bugs from our Bug Bounty program and automated scanners. You will help prioritize risks based on business impact and exploitability.

• Security Architecture: Consult with product teams during the design phase to ensure we are building in "secure-by-default" patterns (e.g., OIDC, mTLS, encryption at rest).

Preferred Qualifications

• 7+ years of experience in Application Security or Software Engineering.

• Proven track record of building Security Champions programs to scale security culture across large engineering orgs.

• Relevant certifications (e.g., OSCP, CASE, GWEB) or a history of CVEs/Bug Bounty hall-of-fame recognitions.

• Experience with infrastructure-as-code (Terraform/Pulumi) to automate security configurations.

The "Culture Fit"

We are looking for a pragmatic expert. You understand that a "Perfectly Secure" product that never ships is a failure. You possess the "soft skills" to explain a complex SQL injection to a Product Manager and a Deep Buffer Overflow to a Senior C++ Developer without losing their trust.