• Lead Payment Card Industry Data Security Standards (PCI DSS) Assessments as an ISA • Document assessment findings, provide gap analysis and recommendations for remediation • Provide advice and guidance to business units in all areas relating to payment security, including PCI DSS (Payment Card Industry Data Security Standards) and security best practices aligned to Cyber Security strategy • Liaise with external security assessment firms to ensure on-time completion of projects • Assist in preparing formal presentations of compliance status and issues to business units and management. • Partner with business units on the creation and collection of evidence in preparation for internal and external assessments • Lead Quarterly Security Reviews (QSRs) with business teams to ensure applicable PCI DSS controls are being performed and maintained • Advocate security best practice throughout the business • Assist in responding to compliance queries from third parties, clients, client reps, legal, advanced product specialists on behalf of the company

• Own remediation of cloud, identity, and application security findings • Design, implement, and maintain security controls across AWS • Triage and validate security alerts • Lead technical investigation and containment of security incidents • Coordinate incident response with IT, engineering, and external partners • Perform root cause analysis and drive preventative improvements • Improve detection quality by tuning alerts • Support compliance efforts such as SOC 2 • Automate repeatable security tasks • Document incidents, risks, remediation actions, and outcomes • Act as a technical escalation point and mentor

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description We are seeking a seasoned Application Security Engineer to help us secure our products and platform that serve our Fortune 500 customers. In this pivotal role, you will be working in close partnership with our engineering teams, ensuring that everything they build holds up to our security standards. While your primary focus will be application security, you are joining a small, elite team, and as such you will also work cross-domain, including working with MDM, or talking with customers directly. What You'll Do - Stay ahead of engineering: review code, architecture, design, anything that’s being considered for release - Guide features and designs toward security - Provide hands-on manual pentesting on relevant code changes - Build and maintain security tooling to ensure security scales with organization - Advise the DevOps team on infrastructure security best practices - Help out with client-facing security needs, such as client calls Qualifications - Proven experience securing products & platforms, collaborating with development teams - Strong expertise in application security: OWASP Top 10, threat modeling, code reviews, architecture design - Proficiency with AI tooling, as part of your day-to-day activities - Solid understanding of AI itself, including AI threats, adversarial testing - Familiarity with AWS and infrastructure security overall - Be comfortable writing and reviewing Python and TypeScript, with other coding experience a plus - Experience with incident response and SOC processes - Knowledge of compliance frameworks: SOC 2, ISO 27001, NIST - Experience with enterprise security processes, such as security questionnaires and client calls - We don’t expect candidates to have deep expertise in every area; strength in application security with curiosity and adaptability across adjacent domains is key What You'll Get - Ownership & Rapid Growth - Outsized missions from day one, with direct responsibility for company-defining projects - Work alongside the executive team with transparency into strategy and decision-making - Influence on direction through real-time customer feedback and market insights - AI-First Operator - Work directly with cutting-edge AI models and next-generation platforms - Build expertise in enterprise AI implementation across Fortune 500 companies and multiple industries - Establish yourself as a recognized leader among peers in shaping how AI transforms work at a global scale Compensation - Competitive salary including base + bonuses - Comprehensive health coverage (medical, dental, vision) from day one - Generous PTO, company-wide R&R shutdowns, and paid parental leave - Retirement plan support for US and global employees - A WFH stipend, phone stipend and support to work in a We Work or other space as preferred. Equity - Meaningful ownership in a venture-backed company at a growth inflection point - Financial upside that comes from scaling fast - Top-up grants as we scale and you deliver exceptional performance — your compensation grows alongside your impact Location and Work Environment - We’re looking for a candidate that can fully support our team in ET time zone (e.g. Toronto, NYC). - While we’re open to candidates from other areas, they need to be generally available during Eastern Time working hours. - Have valid travel documents without work authorization restrictions in the US. Diversity and Inclusion We are dedicated to creating a diverse and inclusive environment where everyone feels valued and supported. We encourage applications from candidates of all backgrounds and offer accommodations upon request throughout the hiring process. Employment Verification & Commitment We use third-party services to verify employment history, education, and other information relevant to your candidacy. Employment is contingent upon the successful completion of these verification checks. This is a full-time role that requires a high level of focus, availability, and commitment. Employees may not hold concurrent full-time employment with another organization while employed at Valence.

• Serve as an escalation point for SOC/EDR/XDR alerts and suspected security incidents. • Automate and optimize Incident Response procedures with PowerShell, Python, and scripted API calls. • Write custom detection rules in EDR platforms such as CrowdStrike, SentinelOne, and Microsoft Defender. • Test and deploy EDR agent updates. • Evaluate and implement endpoint and endpoint adjacent security solutions. • Document Incident Response procedures and cross-train technical personnel on those procedures. • Participate in penetration testing and tabletop Incident Response exercises. • Produce and improve security dashboards and reports. • Maintain solution and procedure documentation. • Collaborate with IT, Infrastructure, and Cloud teams to implement secure endpoint configurations and controls. • Identify gaps in endpoint security coverage and recommend remediation or enhancements. • Support vulnerability remediation and endpoint hardening initiatives. • Participate in an on-call rotation, being reachable 24/7 during assigned on-call periods, one week per month. • Coordinate with SOC and IT teams to investigate and resolve high-priority endpoint security incidents during on-call periods.