CAPTIVATEIQ INC
Senior Security Engineer - Application & Product Security
CAPTIVATEIQ INC, Raleigh, North Carolina, United States, 27601
Overview
Base pay range: $154,500.00/yr - $197,760.00/yr. This range is provided by CaptivateIQ; your actual pay will be based on your skills and experience. Talk with your recruiter to learn more.
CaptivateIQ is the leading Sales Performance Management solution, recognized by Forrester and G2, and trusted by customers including Affirm, Gong, and Figma. With solutions for Sales Planning and Incentives, we help revenue teams automate processes, hit revenue targets, and adapt with business change, ultimately driving efficient growth. It's time to rethink ROI - your return on incentives - with CaptivateIQ. With backing from Sequoia, Accel, ICONIQ, Sapphire Ventures, and other leading investors, CaptivateIQ is on a mission to enable every company to improve their return on incentives and sales planning.
About The Role
Security is a core value at CaptivateIQ. As we scale and expand our suite of services, embedding security into every phase of product development is critical to building trust in everything we deliver. As a Senior Security Engineer focused on Application & Product Security, you will own our AppSec strategy - driving threat modeling, secure architecture design, and offensive security testing. You will lead manual and automated penetration testing, manage AppSec tooling (SAST, DAST, SCA), and build developer enablement programs. You'll also be responsible for vulnerability management, incident response for application-layer events, and ensuring compliance alignment for SOC 2, ISO 27001, and privacy requirements. This role blends offensive and defensive expertise with strategic influence, giving you the autonomy to shape a scalable, modern AppSec program.
Job Location
Remote; Raleigh, NC; Nashville, TN; Toronto, Canada
Responsibilities
Threat Modeling & Architecture Reviews: Mature and scale a modern threat modeling program across products and services. Enable secure-by-design architectures in collaboration with Engineering teams.
Offensive Security Testing: Conduct penetration tests (white-box and black-box) for web applications and APIs. Perform dynamic (DAST), static (SAST), and software composition (SCA) analysis. Simulate adversary attack scenarios to validate controls and identify gaps.
Secure SDLC Integration: Embed security into every stage of development; implement automated security tooling in CI/CD pipelines.
Vulnerability Management: Triage and prioritize application-layer vulnerabilities and guide engineering teams through remediation.
Developer Enablement: Deliver secure development and coding training; create resources to reduce recurring vulnerabilities.
Bug Bounty Management: Oversee the Bug Bounty program, validate findings, and ensure timely resolution.
Incident Response Leadership: Lead investigations for application-layer security incidents and conduct post-incident analysis.
Compliance Enablement: Support audits, technical evidence collection, and control design for SOC 2, ISO 27001, and privacy-by-design requirements.
Customer Trust: Contribute to customer security assessments, penetration test reports, and security documentation.
Requirements
7+ years of experience in a security engineer or related role, including 4+ years specializing in web application, API, and product security
Deep expertise securing multi-tenant SaaS platforms and features
Strong communication and ability to influence software engineers and product managers
Advanced experience conducting penetration tests, code reviews, and vulnerability assessments
Expert knowledge of OWASP Top 10, web application and API security, and common vulnerability classes with practical remediation strategies
Hands-on experience with AppSec tooling (SAST, DAST, SCA) integrated into CI/CD pipelines
Strong programming and scripting skills (Python preferred) and ability to influence secure coding practices
Proven ability to lead incident response for application-layer security events
Familiarity with compliance frameworks (SOC 2, ISO 27001) and secure SDLC practices
Knowledge of privacy-by-design principles and data security in SaaS environments
Awareness of emerging AI/ML security risks and related countermeasures
Nice to have
Certifications such as OSCP, GCIH, GWAPT, or CISSP
Familiarity with security frameworks such as NIST CSF, MITRE ATT&CK, OWASP ASVS, or ISO 27001
Experience with security tools such as EDR, SIEM, CSPM, CNAPP, vulnerability scanners, bug bounty platforms, WAFs, or compliance automation platforms
Prior experience driving security engineering for a SaaS-based company
Experience leveraging automation or AI/ML tools to improve secure development, detection, incident response, or code analysis workflows
Benefits
(US-ONLY) 100% of medical, dental, and vision covered, including 75% for dependents
Flexible vacation days and quarterly mental health days
One-time expense on your 1-year work anniversary for travel, home furnishings, or a fancy meal
(US-ONLY) 401k plan to participate in and save towards the future
Newest Apple products to help you do your best work
Employee Resource Groups (ERGs) to support and celebrate diverse communities
Notice to Prospective Candidates
Only emails from @captivateiq.com should be trusted. We are aware of active recruitment scams using the CaptivateIQ name. We will never ask for sensitive information or extend offers without multiple rounds of interviews conducted securely.
Participate in an on-call rotation to provide after-hours support, ensuring timely resolution of critical issues and maintaining system uptime.
The base range represents the minimum and maximum for this position across North America. For candidates in Raleigh, the range is $170,980 to $197,760; for Toronto and Nashville locations, the range is $154,500 to $177,160. The compensation offered for this position will depend on numerous factors, including individual proficiency, anticipated performance, and the location of the selected candidate. Our OTE is just one component of CaptivateIQ's competitive total rewards package.
Seniority level: Not Applicable
Employment type: Full-time
Job function: Information Technology
Industries: Software Development