Application Security Engineer

Job Description

Job Description

About Us:

Versana is an industry-backed fintech on a mission to make the syndicated loan market better. By digitally capturing agent banks’ data on a real-time basis, Versana provides unprecedented transparency into loan-level details and portfolio positions, bringing efficiency and velocity to the entire market. Through our platform, participants can rest assured they are accessing the loan market’s most credible source of deal information.

 

About You:

Versana is looking for a Security Engineer to join our InfoSec squad. You will play an essential role in safeguarding our organization's information systems and data from potential threats and vulnerabilities. You will work collaboratively with senior engineers and cross-functional teams to enhance our security posture using cutting-edge technologies.

Key Responsibilities:

• Perform and validate application & API security testing (OWASP & API Top 10, business logic abuse, auth/authorization flaws, data exposure).
• Assist with vulnerability lifecycle management by gathering and normalizing findings (scanners, manual assessments, etc.), validating impact, setting priority, and assigning remediation tickets.
• Integrate and maintain security tooling in CI/CD (SAST, SCA, DAST, SBOM, container and secrets scanning) and collaborate with developers to tune signal vs noise.
• Assist with configuration and lifecycle management of AppSec tooling (e.g., CNAPP, WAF, secret management)
• Contribute to threat modeling & secure design reviews (data flows, trust boundaries, abuse cases, cloud IAM, entitlement surfaces)
• Partner with engineering, DevOps, product, and QA to embed secure patterns early (“shift left”) and provide code-level remediation guidance.
• Automate repetitive security tasks and reporting where possible (scripts, pipeline jobs, policy-as-code)
• Participate in incident response activities, including containment, eradication, and recovery efforts.
• Support the implementation of security policies, procedures, and standards.
• Stay up-to-date with the latest security trends, threats, and technology advancements.

Must Haves:

• +5 years combined experience in software development and/or application security engineering.
• Ability to read and develop secure code in at least one of: Python, Java, JavaScript/TypeScript, Go, or C#.
• Understanding of Application Security principles and web application vulnerabilities such as OWASP Top 10, their risk and remediations
• Basic understanding of cloud computing principles and services (e.g., AWS, Azure, Google Cloud).
• Exposure to security tools such as vulnerability scanners.
• Strong communication and teamwork skills.
• Detail-oriented with a proactive approach to identifying and mitigating security risks.

Nice to Haves:

• Pentest experience
• CompTIA Security+, CEH, GWAPT, OSCP or similar certifications.
• Infrastructure-as-Code knowledge such as Terraform.
• Experience in the financial sector

Equal Opportunity Employer

 

We are committed to providing equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses and identifying potential inconsistencies or verification signals in application materials based on available information. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.