Senior Application Security Engineer at Rain

United States

Apply
More jobs at Rain

Senior Application Security Engineer role at Rain, a fast‑growing fintech in the U.S., responsible for strengthening application security, conducting threat modeling, integrating security tools into CI/CD, and collaborating with engineering and security teams to enhance Rain’s security posture across cloud and on‑prem platforms.

Requirements

Experience

  • 3–5+ years of experience in application security, penetration testing roles, and/or secure code development, including work with QA teams

Skills

  • Fluent English, strong verbal and written communication skills
  • Strong problem‑solving and analytical mindset
  • Excellent communication skills to convey security risks to technical and non‑technical stakeholders
  • Hands‑on experience with SAST, DAST, and SCA tools (Semgrep, Burp, Snyk)
  • Deep understanding of web, mobile, and API vulnerabilities (OWASP Top 10, API Top 10, MITRE CWE)
  • Proven expertise in performing code review or security assessments and writing clear reports
  • Proficiency in at least one backend language (Go, Python, Node.js)
  • Understanding of React/React Native front‑ends
  • Familiarity with secure architecture of microservices, event‑driven systems, and REST APIs using OAuth2/OpenID Connect
  • Experience securing CI/CD pipelines and integrating AppSec tooling into SDLC
  • Solid knowledge of containerization and Kubernetes security fundamentals
  • Understanding of cloud security (preferably AWS), including IAM principles, cloud‑native service configurations, and network segmentation
  • Comfortable with Agile development methodologies and working within cross‑functional squads
  • Software supply chain security (SBOM, artifact signing)

Languages

  • English

Certifications

  • OSCP
  • OSWE
  • GWAPT
  • CPTE
  • CSSLP
  • AWS Security Specialty
  • GCP Security Specialty
  • Azure Security Specialty

Responsibilities

  • Collaborate with development squads to validate vulnerabilities and provide actionable remediation guidance aligned with business risk
  • Drive threat modeling sessions (e.g., STRIDE, PASTA) for critical systems and APIs
  • Design, implement, and oversee automated processes for securely updating application and code dependencies, proactively mitigating issues and ensuring timely vulnerability remediation
  • Integrate security checks into CI/CD pipelines (SAST, DAST, SCA, IaC), working with tools like Semgrep, Snyk, Trivy, and Burp Suite
  • Contribute to runtime security initiatives, such as container/Kubernetes hardening, RASP, and eBPF-based detection
  • Build and maintain a security issues dashboard to track remediation status and metrics
  • Provide real‑time support in the event of cybersecurity incidents impacting applications or cloud infrastructure (exploited vuln, credential stuffing, web/API attacks)
  • Partner with the Cloud Security team on security automation tasks and monitoring improvements (e.g., Security Hub remediation automations, DLP monitoring, etc.)
  • Conduct proactive research on new threats, vulnerabilities, and attack techniques relevant to Rain’s architecture
  • Collaborate with the GRC team to develop and deliver internal security awareness initiatives, phishing campaigns, and developer training (e.g., secure coding, API security)
  • Participate in the continuous improvement of AppSec maturity (e.g., aligning with OWASP SAMM, ISO 27001, or SOC 2 frameworks)

Technologies

SemgrepSnykTrivyBurp SuiteSASTDASTSCAIaCContainer/Kubernetes hardeningRASPeBPFSecurity HubDLPOWASP SAMMISO 27001SOC 2AWSGCPAzureCloudWatchDatadogGrafanaGoPythonNode.jsReactReact NativeOAuth2OpenID Connect

See if your resume is ready for this job

See how our AI can optimize your resume and improve your chances for this role.