Application Security Engineer

International Decision Systems Inc

Minneapolis, MN

JOB DETAILS
SKILLS
Access Control, Accidental Death and Dismemberment (AD&D), Amazon Web Services (AWS), Analysis Skills, Application Programming Interface (API), Applications Security, Architectural Design, Automation, Best Practices, Business Skills, CCSP - Cisco Certified Security Professional, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Capital Equipment, Channel Strategies, Cloud Architecture, Code Reviews, Communication Skills, CompTIA Security+, Computer Security, Continuous Deployment/Delivery, Continuous Integration, Cross-Functional, Cryptography, Data Analysis, Data Collection, Database Architecture, Disability Insurance, Dynamic Analysis, Endpoint Security, Establish Priorities, Finance, Firewalls, GCIA - GIAC Certified Intrusion Analyst, GCIH - GIAC Certified Incident Handler, IBM DB2, IR (Infrared), Incident Response, Industry Standards, Information/Data Security (InfoSec), Internet Application, Internet Security, Intrusion Detection Systems, Linux Operating System, Mac Operating System, Machine Tool, Maintain Compliance, Market Trend Analysis, Mentoring, Microservices, Microsoft Windows Azure, Microsoft Windows Operating System, Multiplatform/Cross-Platform, Network Administration/Management, Network Security, NoSQL, OAuth, Operating Systems, Operations Processes, Oracle Database, People Management, Performance Management, Presentation/Verbal Skills, Problem Solving Skills, Process Improvement, Process Management, Product Design, Product Engineering, Product Lifecycle, Product Programs, Product Reviews, Profit & Loss, Progress Reports, Project/Program Management, Regulatory Compliance, Reporting Skills, Resource Management, Risk, Risk Analysis, Risk Management, Root Cause Analysis, SQL Databases, Secure Coding, Security Analysis, Security Architecture, Security Attacks, Security Compliance, Security Design, Security Monitoring, Set Goals, Software Design, Software Development Lifecycle (SDLC), Software 
Engineering, Software Patches, Software as a Service (SaaS), Static Analysis, Strategic Planning, Supply Chain, System Migration, Technical Analysis, Test Plan/Schedule, Threat Modeling, Training Program, Training/Teaching, VPN (Virtual Private Network), Wholesale Industry, Writing Skills
LOCATION
Minneapolis, MN
POSTED
10 days ago

Vacancy Name: Application Security Engineer
Vacancy No: VN991
Job Title: Application Security Engineer
Work Location City: Minneapolis

About Solifi

Solifi delivers a solid financial technology foundation for equipment, working capital, wholesale, and automotive finance firms. At Solifi, we believe that commerce is only as strong as the system it runs on. Our mission is to reshape finance technology by bringing together proven solutions into a singular powerful technology platform designed to help protect and scale financial organizations. We guard our customers by being precise and reliable, we guide their success by combining powerful technology with proven expertise, and we help them grow by unleashing their potential.

About the Team

The Application Security Engineer will join our ISG (Information Security Group), reporting to the Cyber Security Manager. The ISG team is responsible for protecting Solifi's infrastructure, applications, and data assets. The Security Engineer will work cross-functionally with the IT, SaaS and Hosting, and Engineering teams.

About the Position

The Application Security Engineer is responsible for contributing to the design, development, testing, and implementation of product enhancements and initiatives within the organization's IT network and SaaS solutions. Their primary responsibility is to help safeguard the organization's development processes and product code / configurations against potential threats by supporting a comprehensive, layered secure development lifecycle and CI/CD that aligns with industry standards and best practices.

Role and Responsibilities

  • Develops an understanding of current and emerging threats and contributes to threat research and the development of the organization's security strategy.

  • Communicates and collaborates effectively with cross-functional teams to integrate security practices throughout the organization's products and software development lifecycle.
  • Evaluate and recommend security technologies that strengthen the organization's defensive posture.
  • Help with security tools migration and the merging of security processes and procedures.
  • Lead product security reviews: Drive security assessments across applications and services (including web applications, APIs, and microservices) through code reviews, threat modeling, and dynamic/static analysis.
  • Influence architecture and design: Serve as a security thought partner for product architects and engineers. Guide threat modeling efforts, assess technical risk, and champion security best practices throughout the SDLC.
  • Drive strategic initiatives: Own high impact security projects that shape the future of our product security posture. Past initiatives have included supply chain security automation, advanced SAST/DAST integrations, and secure development training programs.
  • Product / Application security Governance: Develop and manage security governance processes and procedures for the threat modeling program and application security design & DevSecOps programs.
  • Product / Application security compliance monitoring and Reporting: Monitor and track compliance with application owners to ensure implementation of security controls as planned. Develops reports for management concerning residual risk and non-compliance.
  • Identify and support remediation of vulnerabilities: Leverage available tools (e.g., static/dynamic analysis, scanning platforms, and internal reports) to investigate security issues, assess root causes, and design effective remediation strategies. Partner closely with engineering teams to provide guidance and support throughout the implementation of fixes, ensuring they align with security best practices.
  • Enable engineering teams and scale application security through enablement: Build frameworks, guidance, and tooling that empower engineering teams to independently build secure systems. Act as a mentor and subject matter expert across teams.
  • Contributes to the development and maintenance of Incident Response (IR) plans and playbooks to ensure effective handling of security incidents.
  • Supports responses to security incidents, including post-event analysis to identify root causes and improve future resilience.

About You

Required Qualifications

  • A Bachelor's degree in information technology/security.
  • 2-4 years of experience in the IT/Information Security field, or an equivalent combination of education and experience.
  • Understanding of Information Security and IT Risk Management.
  • Familiarity with current IT risks and security solution implementation.
  • Experience with threat modeling frameworks, attack vectors and vulnerability analysis: CAPEC, ATT&CK, STRIDE.
  • Experience with application security controls (Web, API, Mobile, AI).
  • Experience with common information security management and application frameworks: NIST 800-53, CSF, OWASP ASVS.
  • Experience with Application Security design and DevSecOps.
  • Full stack knowledge of application architectures including Single Page Applications, REST APIs, SOAP APIs, Mobile Applications.
  • Experience with Java, JavaScript and mobile application development.
  • Knowledge of or familiarity with database architectures including Oracle, SQL, DB2 and NoSQL databases.
  • Experience with Cloud security, architecture, design, implementation, and operations.
  • Good exposure to IAM Controls (OAuth 2.0, OIDC, JWT) and solid familiarity with Cryptography Controls (encryption of Data at rest and Data in transit).
  • Basic project management skills and progress reporting.
  • Ability to interact with diverse personnel to support security measures.
  • Skill in planning, organizing, and prioritizing workloads.
  • Good written and verbal communication, business acumen, and commercial outlook.
  • Any of the following certifications is a plus: Security+, CEH, CISSP, CISM, CCSP, CCSK, GCIH, GCIA.

Additional Competencies

  • Analytical: Synthesizes complex and diverse information; collects and researches data to inform decisions; leverages intuition and experience to complement data analysis; designs efficient workflows and procedures to enhance operational effectiveness.
  • Business Acumen: Understands the business implications of decisions and their impact on profitability; demonstrates a strong knowledge of market trends and competition; aligns work and initiatives with the organization's strategic goals and vision.
  • Innovation: Exhibits original thinking and creativity; tackles challenges with resourcefulness; generates actionable suggestions to improve processes and performance; develops and implements innovative approaches and ideas that capture attention and inspire collaboration.
  • Communication and Presence: Communicates clearly and effectively in verbal, written, and presentation formats across diverse audiences, including teams, vendors, customers, and stakeholders at various organizational levels.
  • Planning and Organizing: Prioritizes and plans work activities effectively; uses time and resources efficiently; anticipates future needs and allocates resources accordingly; sets clear goals and objectives; organizes and schedules tasks to execute realistic and actionable plans.
  • Drive for Results: Applies analytical thinking and creativity to identify and address complex challenges with innovative problem-solving strategies; evaluates potential risks and proactively develops and implements strategies to mitigate them, ensuring successful outcomes.
  • Strategic Thinking: Develops and executes long-term strategies that align with the company's vision and objectives; demonstrates the ability to anticipate trends and adapt plans to achieve organizational success.

Technical Competencies

  • Foundational Technical Skills: Continuously assesses strengths and areas for growth; actively pursues training and development opportunities; strives to build and expand technical knowledge; shares expertise with peers to foster team growth.
  • Network Security: Demonstrates strong knowledge of networking fundamentals, including firewalls, intrusion detection systems (IDS), access control, and VPNs, to protect and secure network infrastructure.
  • System Security: Proficient in implementing data protection, hardware security, and endpoint protection solutions to safeguard systems and sensitive information.
  • Incident Response: Deep understanding of the core stages of the incident response lifecycle, including preparation, identification, containment, eradication, and recovery, to mitigate and respond to security incidents effectively.
  • Cybersecurity Technologies: Hands-on experience with tools and platforms such as Kali Linux, SAST, DAST, Wiz, SonarQube, Polaris/Synopsys, BlackDuck, Sonatype NexusIQ (or similar tools).
  • Platforms & Operating Systems: Proficient in working with multiple platforms & operating systems, including AWS, Azure, Windows OS, macOS, Linux OS, Containers.
  • Application Security: Solid knowledge of secure architecture design, product / application security, and DevSecOps. Strong knowledge of secure coding practices, patch management, and vulnerability remediation to protect applications from security threats.
  • Vulnerability Assessments: Skilled in identifying, assessing, reporting, and mitigating vulnerabilities to reduce risks and enhance system security.
  • Governance: Knowledgeable in risk management and regulatory compliance, ensuring alignment with industry standards and organizational policies.

Preferred Experience Level: 3 years
Preferred Education Level: Bachelor's Degree
Employment Basis: Full Time
Benefits: Medical, Dental, Vision, Flexible Spend Account (FSA), Health Savings Account (HSA), Life and Accidental Death & Dismemberment (AD&D) Insurance Coverage, Disability Insurance Coverage (Short Term and Long Term), Employee Assistance Program (EAP), 401K Tax Deferred Retirement Savings Plan
Applications Close Date: 04 Aug 2026

About the Company

International Decision Systems Inc