About Conga/Apttus

Our new company was created on May 7, 2020 with the merger of Conga and Apttus. The combining of these two companies creates a leader in mission-critical business process solutions, allowing both small and large companies to modernize their business processes.

Together, the new Conga is poised to provide the most complete offering in the market to digitally transform the foundational elements of business -- documents like quotes, contracts, and the processes that surround them -- to achieve commercial excellence.

For more information on the new Conga, please visit our newsroom at: 

https://conga.com/press-release/apttus-conga-form-new-technology-leader-to-digitally-tranform-commercial-operations

Our shared values: The Conga Way 

A successful candidate will embody the essence of a Conganeer through demonstration of critical behaviors of The Conga Way:

• Embracing an Entrepreneurial Spirit
• Achieving Together
• Championing the Customers

The Conga Way is a core element of the Culture and Talent focus at Conga. This philosophy shapes the personality of our organization, defines how we show up every day, and provides clarity about how we work together.

Job Description:

• Bring Secure development and testing experience and Determine security requirements by evaluating business strategies and requirements, conducting system security and vulnerability analyses.
• Able to drive overall network and infrastructure security and define and maintain policies that govern how we deliver and maintain our production environments.
• Able to track and mandate processes within engineering to drive security into our SDLC including code scanning and application scanning focused on eliminating OWASP Top 10 vulnerabilities.
• Capable of talking to customers and responding to RFPs on security aspects of the system.
• Work with the security team on risk assessments and the studying of architecture/platform of business systems and to preempt potential issues.
• Evaluate the efficacy of existing security controls. Recommend and implement improvements as necessary.
• Work with external network penetration testing vendors
• Integrate automated security testing (including both static and runtime) capabilities into an evolving CI/CD program.
• Evangelize and enforce security best practices and embed security expertise within each scrum team.

Required Skills:

• 8+ years of experience in enterprise software security
• 3+ years of experience with the Salesforce platform, preferably overseeing architecture and security compliance.
• Development experience is a must. Experience is building controls to prevent and identify intrusion.
• Well versed with AWS, Azure and Salesforce clouds.
• Experience with OWASP testing Guide / Open Source Security Testing Methodology Manual.
• Experience with some of the compliance standards like FedRAMP, GDPR, NIST is preferred.
• Expert with common web application security testing tools including, but not limited to Burp, Fiddler, OWASP Zap, and at least one commercial solution (Checkmarx, Veracode, AppScan, or similar).
• Familiarity with Secure Development Lifecycle practices and Agile development.
• Thought leadership in the security field, with demonstrable contributions to industry groups strongly desired.

#LI-HLH