Senior Application Security Engineer role at Rain, a fast‑growing fintech in the U.S., responsible for strengthening application security, conducting threat modeling, integrating security tools into CI/CD, and collaborating with engineering and security teams to enhance Rain’s security posture across cloud and on‑prem platforms.
Senior Application Security Engineer at Rain
United States
More jobs at RainRequirements
Experience
- 3–5+ years of experience in application security, penetration testing roles, and/or secure code development, including work with QA teams
Skills
- Fluent English, strong verbal and written communication skills
- Strong problem‑solving and analytical mindset
- Excellent communication skills to convey security risks to technical and non‑technical stakeholders
- Hands‑on experience with SAST, DAST, and SCA tools (Semgrep, Burp, Snyk)
- Deep understanding of web, mobile, and API vulnerabilities (OWASP Top 10, API Top 10, MITRE CWE)
- Proven expertise in performing code review or security assessments and writing clear reports
- Proficiency in at least one backend language (Go, Python, Node.js)
- Understanding of React/React Native front‑ends
- Familiarity with secure architecture of microservices, event‑driven systems, and REST APIs using OAuth2/OpenID Connect
- Experience securing CI/CD pipelines and integrating AppSec tooling into SDLC
- Solid knowledge of containerization and Kubernetes security fundamentals
- Understanding of cloud security (preferably AWS), including IAM principles, cloud‑native service configurations, and network segmentation
- Comfortable with Agile development methodologies and working within cross‑functional squads
- Software supply chain security (SBOM, artifact signing)
Languages
- English
Certifications
- OSCP
- OSWE
- GWAPT
- CPTE
- CSSLP
- AWS Security Specialty
- GCP Security Specialty
- Azure Security Specialty
Responsibilities
- Collaborate with development squads to validate vulnerabilities and provide actionable remediation guidance aligned with business risk
- Drive threat modeling sessions (e.g., STRIDE, PASTA) for critical systems and APIs
- Design, implement, and oversee automated processes for securely updating application and code dependencies, proactively mitigating issues and ensuring timely vulnerability remediation
- Integrate security checks into CI/CD pipelines (SAST, DAST, SCA, IaC), working with tools like Semgrep, Snyk, Trivy, and Burp Suite
- Contribute to runtime security initiatives, such as container/Kubernetes hardening, RASP, and eBPF-based detection
- Build and maintain a security issues dashboard to track remediation status and metrics
- Provide real‑time support in the event of cybersecurity incidents impacting applications or cloud infrastructure (exploited vuln, credential stuffing, web/API attacks)
- Partner with the Cloud Security team on security automation tasks and monitoring improvements (e.g., Security Hub remediation automations, DLP monitoring, etc.)
- Conduct proactive research on new threats, vulnerabilities, and attack techniques relevant to Rain’s architecture
- Collaborate with the GRC team to develop and deliver internal security awareness initiatives, phishing campaigns, and developer training (e.g., secure coding, API security)
- Participate in the continuous improvement of AppSec maturity (e.g., aligning with OWASP SAMM, ISO 27001, or SOC 2 frameworks)
Technologies
SemgrepSnykTrivyBurp SuiteSASTDASTSCAIaCContainer/Kubernetes hardeningRASPeBPFSecurity HubDLPOWASP SAMMISO 27001SOC 2AWSGCPAzureCloudWatchDatadogGrafanaGoPythonNode.jsReactReact NativeOAuth2OpenID Connect
See if your resume is ready for this job
See how our AI can optimize your resume and improve your chances for this role.