Application Security Engineer
Job description
development lifecycle (S-SDLC).

Technical Guidance: Provide hands-on remediation guidance to development teams and perform technical lead tasks with other team members.

Qualifications

Experience: 4+ years in AppSec. Proven experience performing web application penetration tests and vulnerability research. Skills in source code auditing, product assessments, and development of security tools are essential.

Security Mindset: A "breaker" mentality, with the ability to think like an attacker to identify flaws and craft mitigating controls to fix them.

Technical Proficiencies:
- Proficiency in Ruby on Rails, Java, and modern web dev (JavaScript, Python, Node.js, etc.).
- Deep understanding of OWASP Top 10 (XSS, CSRF, SQLi, Cookie Manipulation, etc.).
- Practical knowledge of the OWASP Top 10 for LLM Applications (Prompt Injection, Insecure Output Handling, etc.).
- Working experience in authentication: OAuth, SAML, and SSO.
- General knowledge of applied cryptography.
- Familiarity with cloud
Requirements
technologies and containerization. Experience with SAST/DAST/SCA tools and integrating them into DevSecOps pipelines. Ability to implement security guardrails for AI-driven features and validate model integrity (nice to have).

Compliance & Audits: Knowledge of security audit certifications like PCI-DSS, SOC 1, and SOC 2.

Soft Skills: Ability to explain complex technical findings to both technical and non-technical audiences with empathy and clear communication.

What We Offer
- Competitive compensation
- Employee Stock Purchase Plan (ESPP)
- Flying Start - Our immersive Global Induction Program
- Dynamic & Global Team (collaborating virtually)
- Wellbeing Programs (Mental Health, Wellness) with Global FlyMates
- Meaningful impact - every FlyMate makes an impact
- Competitive time off including FlyBetter Days to volunteer in a cause you believe in
- Digital Disconnect Days
- Great Talent & Development Programs

Flywire is an equal opportunity employer.