Application Security Engineer
Description For Application Security Engineer
One is an innovative fintech company on a mission to revolutionize financial progress for customers. Backed by prominent investors Ribbit and Walmart, we're creating an all-in-one platform for saving, spending, borrowing, and growing money. We're addressing a crucial gap in the U.S. financial landscape, where millions are underserved by traditional banking systems.
As an Application Security Engineer, you'll play a pivotal role in ensuring the security and reliability of One's financial applications at scale. This position combines technical expertise with strategic thinking, requiring you to partner with engineering teams to embed security from the ground up. You'll be responsible for implementing secure development practices, conducting penetration testing, and developing security frameworks that protect our customers' financial data.
The ideal candidate brings 4+ years of security engineering experience, with deep knowledge of modern security practices, tools, and frameworks. You'll need proficiency in TypeScript, AWS, and security testing tools, along with experience in application architecture and deployment practices. Your expertise in cryptography, regulatory compliance, and security vulnerability assessment will be crucial.
This remote position offers a competitive salary range of $175,000-$220,000, along with comprehensive benefits including equity, 401(k) with match, and flexible time off. You'll join a fast-growing startup environment where you can make a direct impact on financial inclusion while working with cutting-edge security technologies.
If you're passionate about building secure financial systems that help people achieve their financial goals, and you embody our values of being Humble, Hungry, and Honest, this role offers an exceptional opportunity to shape the future of financial technology while growing your career in application security.
Responsibilities For Application Security Engineer
- Ensuring quality and security of applications through Secure Development Lifecycle (SDLC) process
- Performing SAST/DAST and penetration testing on core services, web and mobile applications
- Developing and maintaining in-house security testing framework
- Developing safe libraries and hardening existing frameworks
- Enforcing SDLC practices via Infrastructure-As-Code policies
- Validating security posture of new features
- Triaging and validating security vulnerabilities
- Training engineers on secure coding practices
- Contributing to application threat models
- Maintaining security architecture and controls
Requirements For Application Security Engineer
- 4+ years of experience in security engineering, DevSecOps, and application development
- Excellent knowledge of CVSS, MITRE ATT&CK, and OWASP Top 10
- Proficiency in TypeScript
- Practical understanding of AWS and core services
- Experience with modern application architecture and deployment practices
- Experience with Library/API/Framework development
- Experience with security scanning tools integration with CI/CD
- Expertise in verifying common security vulnerabilities
- Knowledge of cryptography including algorithms and standards
- Proficiency in security evaluation tooling (Burp, Wireshark, Kali)
- Understanding of regulatory compliance (GLBA, CCPA, PCI) preferred
- The Triple H Factor: Humble, Hungry and Honest
Benefits For Application Security Engineer
- Competitive cash compensation
- Benefits effective day one
- Generous stock option packages
- Flexible time off programs
- Vacation and sick leave
- Paid parental leave
- Paid caregiver leave
- 401(k) plan with match
Jobs Related To One Application Security Engineer
