Security Engineer
About the Role
You will lead application security assessments, perform vulnerability scanning, conduct code reviews, and run threat modeling to identify risks. You will partner with product and development squads to drive remediation, integrate automated security tooling into CI/CD (SAST, DAST, SCA, IaC), and develop security standards and guardrails. You will collaborate with cloud and infrastructure security to align controls, support incident response for application-level events, contribute to root-cause analysis, build internal training to improve secure coding, and track security metrics and trends.
Requirements
- 4–8+ years of experience in security engineering, application security, offensive security, or secure software development
- Hands-on experience with Semgrep, Burp Suite, Snyk, Trivy or similar tools for static, dynamic, and dependency security analysis
- Solid understanding of web, API, and mobile security vulnerabilities (OWASP Top 10, API Top 10)
- Experience conducting threat modeling and secure design reviews
- Familiarity with cloud concepts and securing cloud workloads
- Collaborative mindset and ability to work closely with engineers to co-create practical security solutions
- Practical understanding of SDLC and integrating security into development workflows
- Ability to independently identify, prioritize, and drive remediation of critical findings
- Experience balancing security risk with business and technical constraints
- Experience or exposure to runtime application protection (RASP) or advanced monitoring (e.g., eBPF-based tooling)
- Experience with cloud security automation frameworks such as Security Hub remediations or DLP improvements
- Security certifications like CISSP, CSSLP, OSCP, GWAPT or similar
- Familiarity with compliance frameworks like SOC 2, ISO 27001, OWASP SAMM
- Prior experience in fintech, payments, or highly regulated environments
- Exposure to API security tooling and design best practices
Responsibilities
- Lead application security assessments including vulnerability scanning, code review, and threat modeling
- Partner with product and development squads to drive remediation and resolve security findings
- Integrate and scale automated security tooling across CI/CD pipelines (SAST, DAST, SCA, IaC)
- Develop and maintain application security standards, patterns, and guardrails
- Drive threat modeling and risk assessments for new features, APIs, and services
- Collaborate with cloud and infrastructure security to align controls across layers
- Support incident response for application-level security events and perform root-cause analysis
- Build internal training and awareness programs to elevate secure coding and developer security literacy
- Track and report key security metrics, trends, and continuous improvement insights to leadership
Benefits
- Unlimited time off (minimum 10 days required)
- Flexible working and home office stipend
- Comprehensive health, dental, and vision plans for US employees
- 100% company subsidized life insurance plan
- 401(k) with 4% company match
- Equity option plan
- Company-issued Rain Cards for product testing
- Eligible health and wellness spending using company card
- Team and company off-sites domestically and internationally