Job title: Lead Application Security Engineer
Job type: Permanent
Emp type: Full-time
Industry: Finance/Fintech
Salary type: Annual
Salary: USD $200,000.00
Location: Remote - US
Job published: 2024-10-07
Job ID: 32379
Contact name: Ross Gisondi
Phone number: +19293951228
Contact email: ross.gisondi@hamptonnorth.com

Job Description

We are seeking a Lead Application Security Engineer to join our fintech client’s growing security team. You'll be pivotal in identifying and closing security vulnerabilities by working closely with our development teams. Your primary focus will be to oversee the entire process of establishing secure development standards, executing penetration tests to uncover weaknesses, and devising effective mitigation strategies.

Compensation: $170,000 - $220,000 base + 15% bonus

Logistics: 100% remote in the US

Work authorization: US Citizen, no sponsorship available

 

Here’s what you’ll be doing:

  • Spearheading detailed Security Design Reviews, Code Reviews, and Threat Modeling at the product and feature levels.
  • Leading manual security assessments and establishing robust secure coding standards.
  • Undertaking penetration testing on web and mobile applications to root out potential vulnerabilities.
  • Scrutinizing our software for potential threats that could be exploited via user interfaces.
  • Evaluating, documenting, and reporting on discovered vulnerabilities, providing clear remediation strategies.
  • Collaborating closely with Product and Engineering teams to devise and deploy risk-mitigating solutions.
  • Formulating guidelines for the secure use of open-source software, ensuring adherence to security benchmarks.
  • Engaging with a wide audience, from tech experts to business leaders, to discuss security assessments and recommendations.

 

And here’s what you need:

  • A minimum of 7 years dedicated to application security, with a strong emphasis on secure coding, threat analysis, and pen testing.
  • Mastery of security testing methodologies and tools, including but not limited to fuzz testing and Burp Suite.
  • Proficiency in various programming languages like Java, React, Node.js, PHP, Scala, C, or Python to perform in-depth code reviews.
  • Expertise in identifying and prioritizing security risks within modern application architectures including Front End, APIs, Microservices, and Containers.
  • Outstanding communication skills to articulate complex security concepts to both tech and non-tech audiences.
  • A thorough grasp of the evolving landscape of cyber threats and the strategies malicious actors employ.