Application Security Engineer
Requirements
We are looking for a highly motivated Application Security Engineer to join our platform team. In this role, you will be a crucial bridge in securing our platforms, proactively embedding security into our development process.

What You'll Be Doing:
- Vulnerability Management: Triage, validate, and prioritize security findings from our automated scanners (SAST/DAST/SCA) and external bug bounty programs.
- DevSecOps Support: Help maintain and tune security tooling within our CI/CD pipelines to ensure we catch flaws before they reach production.
- Collaborate and Educate: Partner closely with software engineers to explain security risks, provide remediation guidance, and promote a culture of secure coding.
- Threat Modeling: Shadow and assist senior security engineers in threat modeling sessions to identify potential attack vectors during the design phase of new features.
- Incident Response: Support the security team in investigating and mitigating application-level security alerts and incidents.

What You Should Bring:
- Experience: 1-3 years of experience in software development, IT, or cybersecurity (can include equivalent internships, bootcamps, or personal security research).
- Technical Knowledge: A solid foundational understanding of web application architecture and common security flaws (e.g., OWASP Top 10, CWE).
- Problem Solving: An analytical mindset with a passion for figuring out how things work, and how to break them safely.
- Communication: Excellent written and verbal communication skills. You can explain a technical vulnerability to a developer without sounding accusatory (we assume positive intent and build trust).
- Drive: A "Run" mentality. You are a self-starter who rejects complacency and is eager to continuously learn and grow in the AppSec space.

Bonus Points:
- Hands-on experience with modern application security testing tools (e.g., Burp Suite, Snyk, Aikido, ZAP).
- Familiarity with assessing codebases and platforms using AI tooling.
- Familiarity with cloud security concepts (AWS).
- Active participation in Bug Bounty platforms.
- Basic understanding of containerization and orchestration (Docker, Kubernetes).

Benefits:
- Competitive health plans and a retirement plan (U.S.).
- Flexible vacation policy, paid holidays, monthly lunch stipends, annual allowances for ongoing education, and home office, cell phone, and wellness reimbursements.
- Global perks available to all employees across the globe, with some benefits varying by country.

Equal Opportunity Employer: Fountain is proud to be an equal opportunity workplace. We welcome applicants of any educational background, gender identity and expression, sexual orientation, religion, ethnicity, age, socioeconomic status, disability, and veteran status.