Application Security Engineer

Flywire
Municipality of Valencia, Spain
2 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Municipality of Valencia, Spain

Tech stack

Java
Software System Penetration Testing
User Authentication
Cloud Computing
Web Development
OAuth
Open Web Application Security
PCI Data Security Standards
Systems Development Life Cycle
Ruby on Rails
Security Assertion Markup Language (SAML)
Single Sign-On
Web Applications
DevOps Tools - Open-source
Large Language Models
Software Security
Containerization
Static Application Security Testing
Vulnerability Analysis
Dynamic Application Security Testing

Job description

Experteer Overview In this role you will support a Security Team to protect Flywire's development environments and confidential information.You will work with multiple engineering teams to weave security into product features and workflows.You'll conduct secure design, threat modeling, and full-spectrum security reviews across the development lifecycle.Your hands-on guidance will help teams remediate issues and advance automated security controls in our SDLC.This position offers strategic impact in securing a world-scale payments platform.Compensaciones / Beneficios- Security design and architecture: draft requirements and lead secure design initiatives- Engineering collaboration: partner with engineering to address security issues and ensure built-in security- Full-stack reviews: conduct security reviews from code auditing to live testing- Automation & SDLC: contribute to automated security controls and secure SDLC processes- Technical guidance: provide remediation guidance and act as a technical lead on security topicsResponsabilidades- 4+ years in Application Security- Experience with web app penetration testing and vulnerability research- Source code auditing, product assessments, and development of security tools- Security mindset with attacker perspective and effective mitigating controls- Proficiency in Ruby on Rails, Java, and modern web development- Understanding of OWASP Top 10 and OWASP Top 10 for LLM Applications- Experience with authentication (OAuth, SAML, SSO) and applied cryptography- Familiarity with cloud technologies, containerization, and DevSecOps tools (SAST/DAST/SCA)- Knowledge of PCI-DSS, SOC 1, SOC 2 audits- Strong ability to explain complex findings to diverse audiencesRequisitos principales- Competitive compensation- Employee Stock Purchase Plan (ESPP)- Flying Start induction program- Wellbeing programs (Mental Health, Wellness)- FlyBetter Days for volunteering- Digital Disconnect Days

Requirements

Experience with web app penetration testing and vulnerability research

  • Source code auditing, product assessments, and development of security tools
  • Security mindset with attacker perspective and effective mitigating controls
  • Proficiency in Ruby on Rails, Java, and modern web development
  • Understanding of OWASP Top 10 and OWASP Top 10 for LLM Applications
  • Experience with authentication (OAuth, SAML, SSO) and applied cryptography
  • Familiarity with cloud technologies, containerization, and DevSecOps tools (SAST/DAST/SCA)
  • Knowledge of PCI-DSS, SOC 1, SOC 2 audits
  • Strong ability to explain complex findings to diverse audiencesRequisitos principales

Benefits & conditions

Competitive compensation

  • Employee Stock Purchase Plan (ESPP)
  • Flying Start induction program
  • Wellbeing programs (Mental Health, Wellness)
  • FlyBetter Days for volunteering
  • Digital Disconnect Days

Apply for this position