Paxos is on a mission to open the world’s financial system to everyone by enabling the instant movement of any asset in a trustworthy way. As an Application Security Engineer, you will ensure that the code is secure by design, identifying vulnerabilities and engineering automated solutions to empower developers. This role involves deep security reviews, managing security tools, and contributing to the security culture within the organization.
Responsibilities:
- Perform deep-dive security reviews of web applications, APIs, and cloud infrastructure
- Develop security-focused tools and libraries in Go, Java, or Ruby to assist developers in writing secure code
- Support our blockchain initiatives by identifying risks in L1/L2 integrations and smart contract interactions
- Manage and tune Web Application Firewalls (WAF) and cloud-native security controls
- Contribute to the security culture through developer training and participating in incident response when necessary
- Build and maintain the tooling that integrates security into our development lifecycle, moving from manual reviews to automated, scalable guardrails
- Partner with engineering teams during the design phase of new features, running threat modeling to identify risks before a single line of code is written
- Manage the end-to-end lifecycle of vulnerabilities, from discovery via internal audits or bug bounties to collaborating with engineers on gold-standard remediations
Requirements:
- Proven ability to perform deep-dive manual security testing while also securing production-quality code
- Expert-level knowledge of OWASP Top 10, CWE, and API security vulnerabilities (Go, Java, or Ruby preferred)
- Experience building and scaling security checks directly into CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins)
- Working knowledge of AWS/GCP security configurations, particularly IAM, VPCs, and WAF management