Web Application Security Engineer

About Us

At Medius, we believe managing finance should be about strategy, not stress. That same mindset shapes not only the solutions we build, but also the culture we create for our people. We remove complexity, embrace innovation, and give our teams the freedom to focus on what truly matters — whether that’s transforming the future of finance with AI or finding balance to go home on time.

Founded in Sweden in 2001, Medius has grown from a local startup into a global leader in cloud-based spend management solutions. Today, thousands of organizations worldwide trust us to simplify accounts payable and spend management processes. Our journey has been driven by continuous innovation, a passion for technology, and above all — the people who make it happen.

We’re more than a software company. We’re a team of problem-solvers, innovators and collaborators working together to reinvent the category of accounts payable. Our solutions use Artificial Intelligence to eliminate manual work, bring clarity, confidence, and control, and empower finance teams of the future.

At Medius, our values guide how we work and grow together:

• Connect – We believe in the power of people—individually and collectively—and our success depends on understanding and respecting each other. We appreciate that ‘empowering finance teams of the future’ is an exciting endeavor, and we share it with everyone around us.

• Question – We enjoy the challenge of our work and the thrill of collaboration. We are not afraid to question ourselves and each other because we believe diverse perspectives can lead to better outcomes and that there is great power in resolution.

• Own – We are thorough, thoughtful, and decisive. We anticipate what’s next, what a customer might need, and then we deliver. That’s how we get things done. And that’s how we remain a leader. Customers trust us to do our job so that they can focus on what they do best.

At Medius, you’ll join a diverse, global community where curiosity is celebrated, ideas matter, and innovation never stops. If you’re passionate about technology, eager to make an impact, and ready to grow alongside a team that lives its values, Medius is where you can do your best work — your impact is global.

Learn more at www.medius.com

Job overview

Our security team is looking for a Web Application Security Engineer to help assure our customers that we design and implement our AI-enabled applications to the highest security standards. You will be responsible for analyzing the security of applications and services, discovering and helping our developers address security issues, elevate our application security maturity, building security automation, and fast reacting to new threat scenarios.

A successful candidate must adopt constructive dialogue and seek resolution when confronted with discordant views. Engineers in this role are expected to participate fully in the planning of our development teams’ work and constantly seek opportunities for process improvement. You will need a combination of troubleshooting, technical, and communication skills. This role will provide career growth opportunities as you gain new skills in the course of your duties in securing top-tier AI-powered solutions.

Responsibilities and Duties

• Security by design product features review

• DevSecOps enforcement

• Threat modelling

• SAST and DAST scanning

• Penetration testing

• Security training and outreach to development teams

• Secure development guidance documentation

• Security tools assessment and development

• Document security assessments, test results, and remediation plans for internal and external stakeholders

• Provide regular reports on the security posture of web applications, including vulnerability metrics and risk assessments.

Qualifications

• Engineering degree in Computer Science or related field, or equivalent work experience.

• Minimum of 5 years of experience with any combination of the following: threat modeling experience, secure coding, pentesting, identity management and authentication, software development, system and network security, authentication and security protocols, cryptography, and application security

• Strong understanding of web application vulnerabilities and remediation (OWASP Top10, OWASP Top 10 for LLM, OWASP Top 10 for API, SANS/CWE Top 25)

• Proven experience in conducting security assessments, penetration testing, and vulnerability management for web applications

Preferred Qualifications

• Experience implementing application security frameworks like SAMM and BSIMM

• An understanding of network and web related protocols (such as, TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)

• An understanding of web services

• Experience with multiple programming languages such as C#, Python, etc.

Soft Skills:

• Excellent critical thinking skills with an initiative-taking approach to identifying and mitigating security risks

• Effective communication and collaboration skills to work effectively with cross-functional teams

• Diligence and the ability to manage multiple tasks and priorities in a demanding environment

Medius is committed to fair and equitable compensation practices.

Actual compensation will be determined based on several factors, including but not limited to relevant skills, experience, qualifications, certifications, internal equity, and the geographic location in which the role is performed. Compensation may vary for roles performed in different locations due to differences in the cost of labor.

The total compensation package for this position may also include eligibility for variable compensation (such as a performance bonus or commission), benefits, and/or participation in other incentive or benefit plans, in accordance with the terms of the applicable plans. Benefits may include medical, dental, and vision coverage, paid time off, and retirement benefits, subject to eligibility requirements.

Medius is an equal opportunity employer. We are committed to providing equal employment opportunities to all qualified applicants and employees, without regard to race, color, religion, sex (including pregnancy, sexual orientation, and gender identity or expression), national origin, ancestry, age, disability (physical or mental), genetic information, medical condition, marital status, citizenship or immigration status, military or veteran status, or any other characteristic protected by applicable federal, state, or local laws.

If you require a reasonable accommodation due to a disability or for religious reasons during the application or interview process, please review our accommodations process.

#LI-HYBRID