Staff Application Security Engineer

Your Mission:
As part of the Engine team, you’ll play a vital role in an environment where innovation meets collaboration. Here’s what you’ll take charge of:

• Build out a vulnerability management CI/CD pipeline within our existing container/application delivery infrastructure while aligning security goals with business objectives.
• Collaborate with development leadership to implement secure coding practices, security controls, and remediation strategies throughout the software development lifecycle (SDLC).
• Design and perform security assessments, code reviews, and light penetration testing on web applications, mobile apps, and other software systems to identify potential vulnerabilities and security risks.
• Strategize and implement secure architectures, frameworks, and tooling for application security.
• Develop and maintain security policies, standards, and guidelines for application development and deployment.
• Stay up-to-date with the latest security threats, vulnerabilities, and industry best practices, and provide guidance to development teams accordingly.
• Participate in incident response and forensic investigations related to application security breaches or incidents.
• Develop relevant security training and awareness programs for developers, operations teams, and other stakeholders.

What You’ll Bring to Engine:
We’re looking for someone who’s ready to make an impact and grow alongside us:

• Proficiency in one or more programming languages (e.g., Ruby, Java, Python, C#, Node.js).
• Experience implementing security automation and continuous integration/continuous delivery (CI/CD) pipelines.
• Knowledge of containerization technologies (e.g., Docker, Kubernetes) and experience with automated container vulnerability management.
• Mastered static and dynamic application security testing tools (SAST, DAST, IAST, etc.) and comfortable with manual validation testing.
• Expertise in web application security principles, browsers, OWASP Top 10, secure coding practices, and threat modeling with frameworks like the Mitre Top 25.
• Knowledge of secure software development methodologies (e.g., DevSecOps, Secure SDLC).
• Deep understanding of Web Application Firewalls (WAF).
• Experience with cloud security concepts and best practices.
• Experience working with compliance frameworks such as SOC 2 and PCI.
• Excellent analytical, problem-solving, and communication skills.
• Ability to work collaboratively with cross-functional engineering leadership, including developers, operations, and fraud teams.
• A passion for mentoring others.