Senior Application Security Engineer

1 month, 3 weeks ago
Full-time
Senior
Cybersecurity
Branch

Branch (branchapp.com) offers instant payment solutions for businesses, including contractor payouts, cashless tips, and earned wage access. They connect communities for social interactions and meet-ups, partnering with leading employers to empower wor...

Professional Services
51-250
Founded 2015
$633M raised

Description

  • Embed security into the software development lifecycle by partnering with Engineering on secure design patterns, threat modeling, and AppSec training.
  • Lead and perform application security assessments across web, mobile, and API surfaces using a mix of automated and manual testing methods.
  • Drive API security controls for internal and external services, including authentication, authorization, rate limiting, and abuse prevention.
  • Own and improve the vulnerability management program, including prioritization, SLA tracking, and remediation coordination.
  • Champion software supply chain security efforts such as SBOM generation, dependency risk analysis, and third-party component vetting.
  • Support technical third-party risk reviews and vendor security assessments in partnership with GRC.
  • Respond to and lead security incidents from identification through post-incident review.
  • Implement security automation and orchestration to improve detection, response, and coverage at scale.
  • Implement, monitor, and continuously improve security controls across cloud infrastructure, endpoints, and product systems.
  • Assess and mitigate AI-related security risks in Branch’s use of LLMs and AI-powered features.

Requirements

  • 5–7 years of experience in security engineering or application security, ideally in a fintech or high-growth startup environment.
  • Strong communication skills with the ability to explain technical risk to engineering teams and senior leadership.
  • Hands-on experience with SAST and DAST tools such as Semgrep, Snyk, Checkmarx, Burp Suite Pro, or equivalent tools.
  • Proven ability to independently handle security incidents end-to-end, including malware, phishing, DLP events, and API abuse.
  • Experience securing cloud-native environments, including IAM, container/Kubernetes workloads, and serverless functions.
  • Working knowledge of API security standards including OWASP API Top 10, OAuth 2.0/OIDC, and JWT hardening.
  • Experience with mobile application security testing for iOS and Android is a plus.
  • Familiarity with security frameworks such as SOC 2, PCI-DSS, NIST CSF, and OWASP SAMM.
  • Scripting proficiency in Python and/or Bash for automation and tooling; experience with orchestration platforms such as Tines, XSOAR, or Torq is a plus.
  • Strong ethics and discretion, as the role regularly handles confidential and sensitive information.
  • Familiarity with AI/LLM security risks and emerging standards such as OWASP LLM Top 10 and MITRE ATLAS.
  • Security certifications such as OSCP, GWEB, CISSP, or SANS GWAPT are a plus.
  • Must be currently authorized to work in the USA without sponsorship or transfer.
  • Ability to work remotely within the United States only.

Benefits

  • Base salary range of $180k–$190k.
  • Market-leading medical, dental, and vision insurance.
  • Stock options.
  • Free Premium-Tier Origin Financial Wellness subscription.
  • Monthly home-office stipend.
  • 401(k) through TransAmerica.
  • 12 weeks of paid parental leave for birthing and non-birthing parents.
  • Flexible time off plus sick and safe time.
  • 11 paid company holidays.

