Commerce

Application Security Engineer II

Posted 15 Hours Ago
In-Office
Austin, TX
76K-128K Annually
Mid level
Perform application security assessments including penetration testing, code audits, and architecture reviews. Triage SAST/DAST/SCA findings, work with engineering on remediation, support incident response, improve security tooling and documentation, and research new attack vectors to reduce risk.
The summary above was generated by AI
Welcome to the Agentic Commerce Era

At Commerce, our mission is to empower businesses to innovate, grow, and thrive with our open, AI-driven commerce ecosystem. As the parent company of BigCommerce, Feedonomics, and Makeswift, we connect the tools and systems that power growth, enabling businesses to unlock the full potential of their data, deliver seamless and personalized experiences across every channel, and adapt swiftly to an ever-changing market. Simply said, we help businesses confidently solve complex commerce challenges so they can build smarter, adapt faster, and grow on their own terms. If you want to be part of a team of bold builders, sharp thinkers, and technical trailblazers, working together to shape the future of commerce, this is the place for you.

BigCommerce, part of the Commerce brand family, helps merchants increase sales at every stage of their growth. From small startups to mid-market businesses and large enterprises, we provide the leading e-commerce platform. Our customers can then concentrate on what's most important: growing their businesses. We enable our customers to build, innovate, and grow, collectively reshaping the e-commerce industry.

As an Application Security Engineer II at BigCommerce, you are a developing application security practitioner who can independently execute security assessments and partner effectively with engineering teams to improve secure development practices.

You have moved beyond entry-level execution and are comfortable leading well-scoped security reviews, performing application testing with minimal guidance, and providing actionable remediation advice. You are not yet responsible for broad program ownership or formal mentorship, but you are a dependable contributor who raises the security bar through strong technical execution.

What You’ll Do
  • Perform regular and ongoing penetration testing of BigCommerce’s evolving applications and services.

  • Conduct security code audits and participate in architectural and design reviews.

  • Review project technical designs and follow through implementation to ensure secure outcomes.

  • Triage and validate findings from SAST, DAST, and SCA tools (e.g., Checkmarx, Snyk).

  • Work directly with engineering teams to provide clear, practical remediation guidance.

  • Respond to application-related security incidents, providing technical analysis and support.

  • Assist in maintaining and improving internal security tooling and automation.

  • Utilize vulnerability and telemetry data to identify trends and support risk prioritization.

  • Contribute to improving AppSec documentation, standards, and secure coding guidance.

  • Advocate secure development practices across the BigCommerce ecosystem.

  • Conduct research to identify new attack vectors relevant to our platform.
     

Who You Are:
  • Bachelor’s degree in Computer Science, Engineering, MIS, or equivalent experience.

  • 2–4 years of experience in application security-related disciplines (code review, penetration testing, security engineering, DevSecOps).

  • 1–2 years of software development experience in PHP, Ruby, Java, Scala, or similar.

  • Strong understanding of web application security concepts, vulnerabilities, exploits, and prevention techniques.

  • Experience performing independent code reviews and security assessments.

  • Hands-on experience with SAST/SCA tools such as Checkmarx and Snyk.

  • Ability to explain security issues clearly and effectively to developers.

  • Strong written and verbal communication skills.

  • Experience working with globally distributed teams.

Nice to Have
  • Security certification (CISSP, OSCP, GISP, or actively pursuing).

  • Experience contributing to internal security tooling or automation.

  • Familiarity with cloud environments (AWS, GCP).

  • Experience participating in bug bounty programs.

  • Exposure to DevSecOps and CI/CD integration practices.
     

Impact & Expectations

At this level, you are expected to:

  • Independently execute well-defined security assessments.

  • Deliver accurate, actionable remediation guidance.

  • Identify recurring vulnerability patterns and suggest improvements.

  • Demonstrate sound technical judgment within your scope.

  • Operate with limited supervision on day-to-day tasks.

  • Continue developing toward senior-level depth and influence.

(Pay Transparency Range: $75,559.00 - $127,784.00)

The exact salary will be dependent on the successful candidate’s location, relevant knowledge, skills, and qualifications.

Inclusion and Belonging

At Commerce, we believe that celebrating the unique histories, perspectives and abilities of every employee makes a difference for our company, our customers and our community. We are an equal opportunity employer and the inclusive atmosphere we build together will make room for every person to contribute, grow and thrive.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the interview process, to perform essential job functions and to receive other benefits and privileges of employment. If you need an accommodation in order to interview at Commerce, please let us know during any of your interactions with our recruiting team.

Learn more about the Commerce team, culture and benefits at https://www.commerce.com/careers/

Protect Yourself Against Hiring Scams: Our Corporate Disclaimer 

Commerce, along with many other employers, has become the subject of fraudulent job offers to hopeful prospective job seekers.
Be advised:
Commerce does not offer jobs to individuals who do not go through our formal hiring process.
Commerce will never:

  • require payment of recruitment fees from candidates;

  • request personally identifiable information through unsanctioned websites or applications;

  • attempt to solicit money from you as part of the hiring process or as part of an employment offer;

  • solicit money to complete visa requirements as part of a job offer.

If you receive unsolicited offers of employment from Commerce, we urge you to be extremely cautious and avoid engaging or responding.

Top Skills

Checkmarx
DAST
Java
PHP
Ruby
SAST
SCA
Scala
Snyk
Commerce Austin, Texas, USA Office

11920 Alterra Parkway D11 / Suite 100, 8th Floor, Austin, TX, United States, 78758

What you need to know about the Austin Tech Scene

Austin has a diverse and thriving tech ecosystem thanks to home-grown companies like Dell and major campuses for IBM, AMD and Apple. The state’s flagship university, the University of Texas at Austin, is known for its engineering school, and the city is known for its annual South by Southwest tech and media conference. Austin’s tech scene spans many verticals, but it’s particularly known for hardware, including semiconductors, as well as AI, biotechnology and cloud computing. And its food and music scene, low taxes and favorable climate have made the city a destination for tech workers from across the country.

Key Facts About Austin Tech

  • Number of Tech Workers: 180,500; 13.7% of overall workforce (2024 CompTIA survey)
  • Major Tech Employers: Dell, IBM, AMD, Apple, Alphabet
  • Key Industries: Artificial intelligence, hardware, cloud computing, software, healthtech
  • Funding Landscape: $4.5 billion in VC funding in 2024 (Pitchbook)
  • Notable Investors: Live Oak Ventures, Austin Ventures, Hinge Capital, Gigafund, KdT Ventures, Next Coast Ventures, Silverton Partners
  • Research Centers and Universities: University of Texas, Southwestern University, Texas State University, Center for Complex Quantum Systems, Oden Institute for Computational Engineering and Sciences, Texas Advanced Computing Center
