Senior Application Security Engineer

1 week, 3 days ago
Full-time
Senior
Cybersecurity
Branch

Branch (branchapp.com) offers instant payment solutions for businesses, including contractor payouts, cashless tips, and earned wage access. They connect communities for social interactions and meet-ups, partnering with leading employers to empower wor...

Professional Services
51-250
Founded 2015
$633M raised

Description

  • Embed security into the software development lifecycle by partnering with Engineering on secure design patterns, threat modeling, and AppSec training.
  • Lead and perform application security assessments across web, mobile, and API surfaces using a mix of automated and manual testing methods.
  • Drive API security controls for internal and external services, including authentication, authorization, rate limiting, and abuse prevention.
  • Own and improve the vulnerability management program, including prioritization, SLA tracking, and remediation coordination.
  • Champion software supply chain security efforts such as SBOM generation, dependency risk analysis, and third-party component vetting.
  • Support technical third-party risk reviews and vendor security assessments in partnership with GRC.
  • Respond to and lead security incidents from identification through post-incident review.
  • Implement security automation and orchestration to improve detection, response, and coverage at scale.
  • Implement, monitor, and continuously improve security controls across cloud infrastructure, endpoints, and product systems.
  • Assess and mitigate AI-related security risks in Branch’s use of LLMs and AI-powered features.

Requirements

  • 5–7 years of experience in security engineering or application security, ideally in a fintech or high-growth startup environment.
  • Strong communication skills with the ability to explain technical risk to engineering teams and senior leadership.
  • Hands-on experience with SAST and DAST tools such as Semgrep, Snyk, Checkmarx, Burp Suite Pro, or equivalent tools.
  • Proven ability to independently handle security incidents end-to-end, including malware, phishing, DLP events, and API abuse.
  • Experience securing cloud-native environments, including IAM, container/Kubernetes workloads, and serverless functions.
  • Working knowledge of API security standards including OWASP API Top 10, OAuth 2.0/OIDC, and JWT hardening.
  • Experience with mobile application security testing for iOS and Android is a plus.
  • Familiarity with security frameworks such as SOC 2, PCI-DSS, NIST CSF, and OWASP SAMM.
  • Scripting proficiency in Python and/or Bash for automation and tooling; experience with orchestration platforms such as Tines, XSOAR, or Torq is a plus.
  • Strong ethics and discretion, as the role regularly handles confidential and sensitive information.
  • Familiarity with AI/LLM security risks and emerging standards such as OWASP LLM Top 10 and MITRE ATLAS.
  • Security certifications such as OSCP, GWEB, CISSP, or SANS GWAPT are a plus.
  • Must be currently authorized to work in the USA without sponsorship or transfer.
  • Ability to work remotely within the United States only.

Benefits

  • Base salary range of $180k–$190k.
  • Market-leading medical, dental, and vision insurance.
  • Stock options.
  • Free Premium-Tier Origin Financial Wellness subscription.
  • Monthly home-office stipend.
  • 401(k) through TransAmerica.
  • 12 weeks of paid parental leave for birthing and non-birthing parents.
  • Flexible time off plus sick and safe time.
  • 11 paid company holidays.


