Paxos is on a mission to open the world’s financial system to everyone by enabling the instant movement of any asset in a trustworthy way. As an Application Security Engineer, you will ensure that the code is secure by design, identifying vulnerabilities and engineering automated security solutions for developers.
Responsibilities:
- Perform deep-dive security reviews of web applications, APIs, and cloud infrastructure
- Develop security-focused tools and libraries in Go, Java, or Ruby to assist developers in writing secure code
- Support our blockchain initiatives by identifying risks in L1/L2 integrations and smart contract interactions
- Manage and tune Web Application Firewalls (WAF) and cloud-native security controls
- Contribute to the security culture through developer training and participating in incident response when necessary
- Build and maintain the tooling that integrates security into our development lifecycle, moving from manual reviews to automated, scalable guardrails
- Partner with engineering teams during the design phase of new features (Threat Modeling) to identify risks before a single line of code is written
- Manage the end-to-end lifecycle of vulnerabilities, from discovery via internal audits or Bug Bounties to collaborating with engineers on "gold-standard" remediations
Requirements:
- Proven ability to perform deep-dive manual security testing while also securing production-quality code
- Expert-level knowledge of OWASP Top 10, CWE, and API security vulnerabilities; experience with Go, Java, or Ruby preferred
- Experience building and scaling security checks directly into CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins)
- Working knowledge of AWS/GCP security configurations, particularly IAM, VPCs, and WAF management