Beyond Finance is dedicated to helping everyday Americans escape debt and achieve a better financial future through technology and personalized care. They are seeking a Senior Application Security Engineer to lead their application security program, collaborate with engineering teams, and enhance secure development practices.
Responsibilities:
- Lead and evolve the company’s application security strategy, roadmap, and day‑to‑day operations
- Serve as the primary AppSec partner for numerous dev teams working on Ruby on Rails web apps, React Native mobile apps, and various other projects including Python and Go
- Provide security guidance during design, development, and code review for new features and projects
- Drive adoption of secure coding practices and threat‑modeling across engineering teams
- Manage and optimize existing AppSec tooling, including:
  - GitHub Advanced Security (SAST, SCA, Secret Scanning)
  - Invicti (DAST)
  - Hadrian (ASM)
  - AppDome (mobile application security)
  - Cloudflare WAF
- Improve automation and integration of security tools into CI/CD pipelines
- Identify and implement additional tools or processes to strengthen the security posture
- Build and maintain secure development standards, playbooks, and training materials
- Partner with engineering teams during sprint planning and feature design to proactively address risks
- Conduct security reviews, code assessments, and vulnerability triage with development teams
- Work with DevOps to ensure secure AWS infrastructure deployments and configurations
- Contribute to hardening efforts across ECS, IAM, networking, and supporting cloud services
- Assist in designing and maintaining secure CI/CD workflows
- Lead or support investigation and remediation of application‑level vulnerabilities
- Monitor, prioritize, and track findings from SAST/DAST/ASM tools
- Collaborate with engineering to ensure timely and effective remediation
Requirements:
- 3–7+ years of experience in Application Security, Product Security, or related engineering roles
- Strong understanding of secure coding practices, common vulnerabilities (OWASP Top 10), and modern SDLC
- Experience working with cloud‑native applications, ideally in AWS
- Understanding of SSL certificates & cryptographic key management
- Hands‑on experience with SAST, DAST, WAFs, and/or mobile application security tools
- Ability to partner effectively with developers and influence secure design decisions
- Familiarity with GitHub‑based workflows and CI/CD pipelines
- Development experience with Ruby on Rails or similar dynamic languages
- Knowledge of AWS ECS/EKS, container security, secrets management and infrastructure‑as‑code (CloudFormation, Terraform)
- Experience building or maturing an AppSec program from early stages
- SOAR automation and scripting experience
- Experience working in a PCI-compliant environment, including its annual reporting requirements