Agile Defense

Agile Defense, founded in 1998, is a leading provider of advanced digital transformation, data analytics, and cybersecurity solutions for critical national secu

Senior Application Security Engineer

Location

United States

Posted

20 days ago

Salary

$115K - $145K / year

Seniority

Senior

Bachelor Degree | 6 yrs exp | English | Java | Linux | Python | .NET

Job Description

  • Work together with the client and application community to maintain a resilient security posture for highly visible applications.
  • Remediate application security flaws in conjunction with the application security team.
  • Lead security discussions with the application teams to prescribe security best practices within their development lifecycle.
  • Perform dynamic and static application performance testing, perform security requirements creation or generation-level threat modeling leveraging tools, including SD Elements, and perform application-level testing using applications such as Burp Suite.
  • Work with the latest OWASP frameworks.

Job Requirements

  • IT related Bachelor's Degree
  • 6+ years of Information Technology experience
  • 3+ years of experience with supporting Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and IDE Plug-in environments using Burp Suite
  • The area of focus is Burp Enterprise experience performing DAST scanning. Many candidates have experience with Burp Professional, but this is focused on SAST scanning. The candidate should also have Veracode experience performing SAST scanning. Candidates need to know their way around a Linux environment, and some type of coding and/or scripting experience is a must.
  • Must be a U.S. citizen and able to get a public trust.
  • 1+ year of experience with supporting Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and IDE Plug-in environments using Veracode
  • 2+ years of experience with Java, Python, .NET, or C#
  • 3+ years of experience with the design and implementation of enterprise-wide security controls to secure applications, systems, network, or infrastructure services
  • Experience with Eclipse, JDeveloper, including pipeline development, or Visual Studio
  • Experience with securing enterprise web applications and OWASP Top 10, CVSS, CWE, WASC, and SANS-25
  • Knowledge of federal compliance standards, including NIST 800-53, FIPS, or FedRAMP
  • 2+ years of experience working in Linux-based environments, including navigating and troubleshooting basic website connectivity issues

More Application Engineer Jobs

Full Time | Remote | Team 51-200 | H1B No Sponsor

  • Partner with Accounting, FP&A, AP/AR, and operational stakeholders to elicit, analyze, and document complex business requirements, ensuring functional needs are clearly translated into system-ready designs and configurations.
  • Design and develop financial application solutions that include workflows, validations, approval logic, roles, permissions, and business rules, with a focus on scalability, accuracy, and alignment with accounting principles.
  • Perform hands‑on configuration and development within financial systems, including building custom fields, forms, calculations, and automation that reduce manual effort and improve data consistency.
  • Analyze existing finance processes and system usage to identify inefficiencies, control gaps, or opportunities for automation, and engineer solutions that improve processing speed, accuracy, and auditability.
  • Design, implement, and maintain integrations between financial systems and upstream/downstream applications such as HRIS, supply chain, project management, banking, and data platforms, ensuring reliable data flow and reconciliation.
  • Define and support data models, mappings, and transformation logic across systems, proactively troubleshooting root causes of data discrepancies and implementing sustainable fixes.
  • Develop and execute testing strategies, including unit testing, system testing, and user acceptance testing, to validate that solutions meet both functional requirements and accounting outcomes prior to deployment.
  • Support system upgrades, enhancements, and new feature releases by evaluating impact, modifying configurations as needed, and coordinating testing and deployment across sandbox, testing, and production environments.
  • Provide Tier 2 and Tier 3 support for complex financial system issues, performing root‑cause analysis, resolving defects, and driving corrective actions rather than short‑term workarounds.
  • Ensure all system designs and changes align with internal controls, segregation of duties, audit requirements, and change management standards, while producing clear technical and functional documentation to support audits and ongoing system knowledge.
  • Collaborate with individual departments, as well as cross-functionally with other departments within the organization.
  • Maintain organizational excellence in terms of project timelines and deliverables.
  • Demonstrates the Clēnera Core Values of Caring, Committed, and Courageous.
  • Other duties as assigned.

Idaho

Application Support Engineer

Accenture Federal Services

We believe in the power of change, harnessed in ways that matter for our country and communities.

Full Time | Remote | Team 10,001+ | Since 2017 | H1B No Sponsor

  • The team is responsible for supporting the sustainment of Applications/Services providing the backend administration and support in the Oracle Cloud Infrastructure.
  • Individual will assist in defining requirements, designing and building data center technology components and testing efforts.
  • Other responsibilities include:
  • Install Application client tools on VDI Images/Pools
  • Troubleshoot connections to Applications and integrations
  • Load Balancing Configuration for Applications
  • Application configuration with SAML/SSO Authentication
  • Provide Level 2 and 3 support for related integration issues
  • Create a management plan, validate sizing, and forecasted sizing
  • Maintain licenses and key secrets in vault
  • STIGs and CDRL Documentation

District Of Columbia + 1 more
All locations: District Of Columbia | Washington
$86.4K - $176.2K / year
Full Time | Remote | Team 504 | Since 2014

Role Description

We are looking for a Senior Application Security Engineer to join our Engineering team and own the security posture of our software and development practices. This is a hands-on role for someone with a strong software engineering background who is genuinely passionate about security - not a traditional infosec role, but one that sits at the intersection of engineering and security.

You will be our primary security expert embedded in the Engineering organization, acting as the first responder on security topics:

  • Bug bounty programs
  • Penetration testing
  • Vulnerability management
  • Security risk tracking

You will work closely with our engineering teams to embed security guardrails into our development workflows, including our growing AI-assisted and Agentic development practices. We are ISO 27001 certified and take our compliance obligations seriously. You will play a key role in:

  • Ensuring our controls remain in place
  • Evolving our security awareness program
  • Continuously improving the tools and practices that keep us ahead of the curve

Qualifications

  • 6+ years of software engineering or application security experience, with a strong coding background
  • Strong TypeScript/Node.js experience; good knowledge of Ruby on Rails, React, Kubernetes, and AWS
  • Deep understanding of application security concepts: OWASP Top 10 (Web and API), vulnerability management, secure SDLC, and threat modeling
  • Hands-on experience with application security tooling such as SAST, DAST, and SCA
  • Experience coordinating or participating in bug bounty programs and penetration testing engagements
  • Experience working within ISO 27001 or similar compliance frameworks
  • Experience integrating security practices into CI/CD pipelines and developer workflows
  • Able to take a security initiative from problem identification through to implementation
  • Already working with AI-assisted development tools in your day-to-day workflow
  • Strong communication skills
  • Comfortable working across engineering teams without direct authority

Requirements

  • Drive things to completion and don't wait to be pushed
  • Explain complex security topics to engineers and non-technical stakeholders alike
  • Communicate security risks clearly and pragmatically, without blocking delivery

Benefits

  • Exciting challenges: Face new technical challenges daily, keeping your work engaging and rewarding.
  • Competitive compensation: We offer a competitive salary with attractive benefits.
  • Flexibility: Benefit from flexible working hours because the future is flexible!
  • Continuous learning: Access a yearly learning budget for conferences & training to support your professional growth.
  • Global retreats: Participate in international company retreats, fostering a global team spirit.
  • Equipment: Yearly refreshment of your IT Equipment budget for your home working setup.
  • Amazing team: Collaborate with a truly exceptional team—seriously, we’re awesome!

Portugal

Senior Application Security Engineer

Qualia

Qualia is a software company self-described as "the leading" digital closing platform used by real estate professionals, homebuyers, and lenders to process real estate transactions

Role Description

We're hiring a Senior Application Security Engineer to join a small, high-leverage AppSec team. This is a deep-technical IC role with a staff-leaning scope:

  • Set the technical direction and own delivery on how we find, fix, and prevent vulnerabilities across Qualia's products and cloud infrastructure.
  • Be the person other engineers want in the room when an architecture decision has a security dimension.
  • Partner daily with product engineering, infrastructure, and platform teams.
  • Work closely alongside existing AppSec engineers, raising the technical bar of the team while staying deeply hands-on with code, tooling, and adversarial testing.

Responsibilities

  • Run offensive assessments against Qualia's applications and infrastructure: manual penetration testing, exploit development, authenticated web/API testing, and adversarial review of new designs before they ship.
  • Lead threat modeling and secure design review for the highest-risk initiatives across the company, and mentor engineers to do the same for their own work.
  • Own and evolve our AppSec tooling stack end-to-end - SAST, DAST, SCA, secret scanning, IaC scanning, and the CI/CD gates that tie them together.
  • Build the custom rules, detections, and automation that generic tooling doesn't provide.
  • Harden our cloud posture: review AWS configurations, IAM policies, Kubernetes/EKS workloads, and networking boundaries.
  • Build automation and guardrails that prevent the same class of issue from recurring.
  • Reduce toil for the team - write the tools, scripts, and integrations that turn a day of triage into a few minutes.
  • Partner with Infrastructure and Platform on detection engineering, incident response support, and cross-cutting programs (secrets management, supply chain, runtime security).
  • Set the technical bar for the AppSec team: raise the quality of reviews, establish patterns others can reuse, and mentor peers across seniority levels.
  • Represent AppSec in architectural reviews, vendor evaluations, and compliance efforts.

Qualifications

  • 8+ years of hands-on experience in application security, offensive security, or security engineering.
  • Demonstrable depth in at least two of: offensive testing, security tooling/automation, and cloud/infra security.
  • Strong offensive skills - able to manually exploit real web and API vulnerabilities beyond what a scanner will find.
  • Deep familiarity with building and operating security tooling in a modern engineering organization.
  • Production experience with AWS (IAM, VPC, networking, data services), containerized workloads (Docker, Kubernetes/EKS), and infrastructure-as-code (Terraform or similar).
  • Comfort reading, reviewing, and contributing code in at least one language common to modern web stacks (Python, Go, Ruby, TypeScript, or similar).
  • Clear, direct communication style.
  • Strong partnership instincts - leverage by making other teams faster, not by blocking them.

Nice to Have

  • Experience in fintech, proptech, healthcare, or another regulated industry where data sensitivity is high.
  • Background meaningfully contributing to a bug bounty program.
  • Experience with identity and access systems (OIDC, SAML, federation, fine-grained authorization).
  • Detection engineering, DFIR, or red-team experience.
  • Open source contributions to security tooling, published research, or CVE credits.
  • Relevant certifications (OSCP, OSWE, GWAPT, GPEN, etc.) - valued but not required.

Benefits

  • Base annual salary of $180,000-$210,000 plus a competitive equity and benefits package.
  • Comprehensive health plans.
  • 401k program and commuter benefits.
  • Professional development and parental leave.
  • Flexible time off policy.
  • Robust online onboarding program to train new hires.
  • Biweekly all hands meetings and a variety of internal virtual events.

United States
$180K - $210K / year