Senior Application Security Engineer (Fintech)
Job description
TL;DR
Senior Application Security Engineer (Python/AI): Conducting application security reviews and managing vulnerabilities for a personal finance platform, with an emphasis on the Django/Python stack and AI security. Focus on applying AI security review processes for LLM-integrated features, building security automations, and mitigating prompt injection and data leakage risks.
Location: Remote (Applicants from almost anywhere are welcome)
Salary: $180K – $215K
Company
is a powerful, all-in-one personal finance platform designed to simplify financial management for its members.
What you will do
- Conduct application security reviews, threat modeling, and risk assessments for the Django/Python stack.
- Manage SAST/DAST operations, including triage, validation, and remediation tracking in CI/CD pipelines.
- Perform penetration testing and security assessments for web and API surfaces.
- Develop and improve AI security processes for LLM-integrated and agentic product surfaces, covering prompt injection and model abuse.
- Build security automations and AI-powered tooling to define requirements for AI workflows.
- Participate in the weekly security on-call rotation.
Requirements
- 5+ years in security engineering with depth in Application and AI security.
- Proficiency in Python and strong knowledge of OWASP Top 10 and API security.
- Hands-on experience with tools such as Semgrep, Burp Suite, or Nuclei.
- Familiarity with AI/ML security risks, including prompt injection and LLM supply chain risk.
- Transformative AI fluency, actively using AI tools to accelerate security work.
Nice to have
- Experience in fintech or with financial data security requirements.
- Familiarity with SOC 2, NIST CSF, or similar compliance frameworks.
- Cloud security experience, particularly with AWS (IAM, ECS/EKS).
- Relevant certifications like OSCP, BSCP, CSSLP, or CISSP.
- Experience in detection engineering, incident response, or red teaming.
Culture & Benefits
- Fully remote environment with no central office; work from wherever you are most productive.
- Competitive cash and equity compensation in a hyper-growth company.
- Stipend for setting up an ideal home working environment.
- Comprehensive benefit plans (Medical, dental, vision, and 401k for US-based employees).
- Unlimited PTO and a monthly "First Friday" day off for rest and recuperation.
Hiring process
- Recruiter video call and Hiring Manager video call.
- Take-home assignment.
- Virtual "onsite" round consisting of 2–4 interviews.
- Reference checks.