Senior Application Security Engineer

1 month ago
Full-time
Senior
Cybersecurity
Branch

Branch (branchapp.com) offers instant payment solutions for businesses, including contractor payouts, cashless tips, and earned wage access. They connect communities for social interactions and meet-ups, partnering with leading employers to empower wor...

Professional Services
51-250
Founded 2015
$633M raised

Description

  • Embed security into the software development lifecycle by partnering with Engineering on secure design patterns, threat modeling, and AppSec training.
  • Lead and perform application security assessments across web, mobile, and API surfaces using a mix of automated and manual testing methods.
  • Drive API security controls for internal and external services, including authentication, authorization, rate limiting, and abuse prevention.
  • Own and improve the vulnerability management program, including prioritization, SLA tracking, and remediation coordination.
  • Champion software supply chain security efforts such as SBOM generation, dependency risk analysis, and third-party component vetting.
  • Support technical third-party risk reviews and vendor security assessments in partnership with GRC.
  • Respond to and lead security incidents from identification through post-incident review.
  • Implement security automation and orchestration to improve detection, response, and coverage at scale.
  • Implement, monitor, and continuously improve security controls across cloud infrastructure, endpoints, and product systems.
  • Assess and mitigate AI-related security risks in Branch’s use of LLMs and AI-powered features.

Requirements

  • 5–7 years of experience in security engineering or application security, ideally in a fintech or high-growth startup environment.
  • Strong communication skills with the ability to explain technical risk to engineering teams and senior leadership.
  • Hands-on experience with SAST and DAST tools such as Semgrep, Snyk, Checkmarx, Burp Suite Pro, or equivalent tools.
  • Proven ability to independently handle security incidents end-to-end, including malware, phishing, DLP events, and API abuse.
  • Experience securing cloud-native environments, including IAM, container/Kubernetes workloads, and serverless functions.
  • Working knowledge of API security standards including OWASP API Top 10, OAuth 2.0/OIDC, and JWT hardening.
  • Experience with mobile application security testing for iOS and Android is a plus.
  • Familiarity with security frameworks such as SOC 2, PCI-DSS, NIST CSF, and OWASP SAMM.
  • Scripting proficiency in Python and/or Bash for automation and tooling; experience with orchestration platforms such as Tines, XSOAR, or Torq is a plus.
  • Strong ethics and discretion, as the role regularly handles confidential and sensitive information.
  • Familiarity with AI/LLM security risks and emerging standards such as OWASP LLM Top 10 and MITRE ATLAS.
  • Security certifications such as OSCP, GWEB, CISSP, or SANS GWAPT are a plus.
  • Must be currently authorized to work in the USA without sponsorship or transfer.
  • Ability to work remotely within the United States only.

Benefits

  • Base salary range of $180k–$190k.
  • Market-leading medical, dental, and vision insurance.
  • Stock options.
  • Free Premium-Tier Origin Financial Wellness subscription.
  • Monthly home-office stipend.
  • 401(k) through TransAmerica.
  • 12 weeks of paid parental leave for birthing and non-birthing parents.
  • Flexible time off plus sick and safe time.
  • 11 paid company holidays.


