Skip to main content

Be a part of the company that’s transforming the way merchants do business

We’re a team of inspired problem solvers building powerful, intuitive point-of-sale tools for small and medium businesses. Hardware that’s stylish and functional. Software that scales to any business. We’ve sold over one million Clover devices to restaurants and shops all over the world—and probably in your own neighborhood.


Application Security Engineer

Job ID R-10300779 Date posted 04/19/2023

We're Clover, the largest cloud-based integrated commerce operating system for small and medium businesses.  You've probably seen us in your favorite restaurants and shops; we support over 700k merchants worldwide and in 2022 processed over $240 billion card transactions.  Clover enables merchants to accept payments, run their business and sell more.  Come help us transform the way merchants do business, join Clover. 

About the Team

  • This team’s primary responsibility is ensuring the security of Clover by building tooling and automation that supports application and platform engineering in writing and deploying secure code and infrastructure quickly. 

  • This team consults with other engineering teams on architecture, security reviews, vendor selection and qualification, and training / best practices.

What you will do:

  • Develop, configure and implement tooling to support DevSecOps processes including SAST, DAST, IAST, and SCA.

  • Evaluate application architectures for security related concerns, and consult on mitigation options.

  • Champion and enable security-related activities in the software engineering process (e.g., threat modeling, secure coding practices).

  • Assess infrastructure, web and application environments to help identify, and prioritize risks and vulnerabilities.

  • Manage our vulnerability backlog, partnering with Product and Engineering to ensure issues are addressed in accordance with SLA.

  • Manage our private bug bounty program and build a pen-test program for critical applications.

What you will need to have:

  • 5+ years of experience in application security ideally from a software or architecture background.

  • Strong understanding of common application vulnerabilities (e.g. OWASP Top 10).

  • Strong understanding of SAST, IAST, DAST, and SCA tooling.

  • Experience performing security architecture and design reviews.

  • Experience implementing / running a vulnerability management program

What would be great to have:

  • Experience with securing cloud architectures preferably in GCP.

  • Experience with common threat modeling frameworks (STRIDE, DREAD, etc.).

  • Experience with modern Web Application Firewall (WAF) solutions.

  • Experience running or participating in bug bounty programs.

  • Professional pen-testing  / red team experience

  • Experience with one or more of the following programming / scripting languages:

    • Java

    • Python

    • Javascript

    • Go

    • Bash

    • Kotlin

////// About Fiserv (our parent company) 

Fiserv (NASDAQ: FISV) is a global fintech leader with 40k+ associates proudly serving clients in more than 100 countries.  As a FORTUNE 500 company and receiving FORTUNE Magazine World’s Most Admired Companies award for 11 years, we are committed to excellence and purposeful innovation. 

Fiserv is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.  

Salary Range
These pay ranges apply to employees in New York and California. Pay ranges for employees in other states may differ.
This role is not eligible to be performed in Colorado
View All of Our Available Opportunities

Benefits & Perks