Updox, an EverCommerce solution, is seeking an Application Security Engineer to join our team. We believe that high quality, innovative software is built in a collaborative workshop environment, rather than by workers on an assembly line. Our team values passion and dedication over drudgery and busywork. We believe in sharing and valuing everyone's thoughts and ideas and empowering our engineers to go beyond just developing to yes or no criteria and think about the problem more holistically.

You:

You have a passion for breaking new ground every day, while working hard to ensure that our applications deliver the highest degree of layered security possible. We understand that application security is an ever-evolving practice requiring drive to continuously improve one's craft while striving for perfection each day. You're excited by continuously learning new tools, languages, and technologies, and you take pride in working to stay one step ahead of the current threat landscape. Finally, you have a passion to champion security best practices to ensure that our engineering teams are armed with the latest knowledge, best tooling, and best practices possible for delivering secure applications.

Us:

Updox, an EverCommerce solution, provides next-generation virtual care, patient engagement and office productivity solutions that enable practices to reduce costs and drive revenue. Based on increasing demand for solutions that seamlessly work together to improve practice efficiency and provide an engaging patient experience, Updox has continuously brought new functionality to market.

EverCommerce [Nasdaq: EVCM] is a leading service commerce platform, providing vertically tailored, integrated SaaS solutions that help more than 600,000 global service-based businesses accelerate growth, streamline operations, and increase retention. Our modern digital and mobile applications create predictable, informed, and convenient experiences between customers and their service professionals. Specializing in Home & Field Services, Health Services, and Fitness & Wellness industries, EverCommerce solutions include end-to-end business management software, embedded payment acceptance, marketing technology, and customer engagement applications.

Where:

Updox headquarters are in Dublin, Ohio. The EverCommerce team is distributed across North America, with more than 40 office locations in the U.S. and Canada. With a widely distributed team, we are used to working remotely across different time zones. This role can be based anywhere in the United States; if you're near one of our offices and want to work in-office, we can set that up, or this role can be 100% remote. You must be eligible to work in the United States to qualify for this role.

Key Responsibilities/What You'll Be Doing:

An Application Security Engineer is responsible for participating in all aspects of planning, deploying, documenting, monitoring, and maintaining the layered security capabilities within our applications. These activities include but are not limited to:

• Help design application threat models, run application threat assessments.
• Work with the development teams to provide insight into potential attack vectors and secure coding best practices
• Work with the development teams to identify and remediate application vulnerabilities
• Develop, maintain, and update application security strategy, standards, and best practices in line with NIST SP 800-53
• Ensure application security best practices are incorporated into all phases of the SDLC
• Own and manage SAST/DAST tools
• Investigate application security vulnerabilities in 3rd party applications, and vet 3rd party software libraries and frameworks
• Lead application security risk assessments, and remediation of findings.
• Participate in quarterly risk assessment and mitigation initiatives
• Contribute code to remediate vulnerabilities
• Write and update documentation
• Mentor/educate staff on application security best practices and current industry best practices

Essential Job Functions

• Evaluate and remediate application vulnerability findings 40%
• Automate security testing 25%
• Application Security Reviews and Thread Modeling 20%
• Mentoring/Pairing/Code Reviews 10%
• Meetings/Presentations/Demos 5%

Skills & Experience:

• Bachelor's degree in Computer Science or related experience.
• Minimum of 1 year security experience.
• Experience securing web, mobile, and on-prem applications.
• Experience implementing, and designing secure software architectures
• Experience in all phases of the SDLC, and a strong understanding of security and secure coding best practices, as well as their technical implementations
• Experience with the OWASP top 10, NIST SP 800-53, SANS top 20, and CIS
• Experience with the MITRE ATT&CK Framework
• Experience with SAST/DAST tools
• Experience conducting code reviews and identifying security vulnerabilities.
• Excellent analytical and problem-solving skills
• Excellent organizational and time-management skills
• Strong knowledge of web applications and APIs desired

Benefits and Perks:

• Flexibility to work where/how you want - in-office, remote, or hybrid
• Continued investment in your professional development
• Robust health and wellness benefits
• 401k with up to a 4% match
• Monthly wellness stipend
• Start with 17 days of PTO, 11 holidays, and a day off to volunteer each year
• Employee Stock Purchase Program
• Student Loan Repayment Program

EverCommerce is an equal opportunity employer and we value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We look forward to reviewing your credentials and getting to know more about your experience!