Application Security Engineer
About the Role
You will act as both a Breaker and a Builder: you will find complex security issues in web applications, APIs, and cloud infrastructure, and you will engineer automated solutions and tooling so developers can move quickly without compromising security. You will review designs, perform threat modeling for new features, manage WAFs and cloud-native controls, integrate security checks into CI/CD pipelines, support blockchain integrations and smart contract interactions, and manage the vulnerability lifecycle from discovery to gold-standard remediation. You will also contribute to developer training and participate in incident response when needed.
Requirements
- Proven ability to perform deep-dive manual security testing and secure production-quality code
- Expert-level knowledge of OWASP Top 10, CWE, and API security vulnerabilities
- Experience with Go, Java, or Ruby
- Experience building and scaling security checks into CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins)
- Working knowledge of AWS or GCP security configurations including IAM, VPCs, and WAF management
- Experience with vulnerability management and Bug Bounty workflows
- Experience with threat modeling and incident response
Responsibilities
- Perform deep-dive security reviews of web applications, APIs, and cloud infrastructure
- Develop security-focused tools and libraries to assist developers in writing secure code
- Identify risks in L1/L2 integrations and smart contract interactions
- Manage and tune Web Application Firewalls and cloud-native security controls
- Provide developer training and participate in incident response
- Integrate security into the development lifecycle through automated guardrails
- Partner with engineering teams during design phases to perform threat modeling
- Manage the end-to-end lifecycle of vulnerabilities from discovery to remediation
Benefits
- Equity
- Performance-based bonuses
- Competitive benefits package