Application Security Engineer

 The Opportunity:

We are looking to hire an eager and skilful Application Security Engineer. This individual will support our Security Team in providing security support for our development houses and ensure the privacy and security of confidential business and personal information.

Key Responsibilities:

• Security Design & Architecture: Draft security requirements for systems services or integrations. Conduct secure design threat modeling and secure architecture initiatives.

• Engineering Collaboration: Collaborate frequently with different engineering teams to identify and address security issues. Attend engineering syncs to ensure that product features have security built-in.

• Full-Stack Reviews: Perform technical tasks on change and integration reviews including full security reviews from source code auditing to live application testing.

• Automation & SDLC: Contribute to the automated security controls we are building and take an active part in every aspect of the secure software development lifecycle (S-SDLC).

• Technical Guidance: Provide hands-on remediation guidance to development teams and perform technical lead tasks with other team members.

Qualifications :

Heres What Were Looking For:

• Experience: 4 years in AppSec. Proven experience performing web application penetration tests and vulnerability research. Skills in source code auditing product assessments and development of security tools are essential.

• Security Mindset: A breaker mentality with the ability to think like an attacker to identify flaws but effectively crafting the mitigating controls to fix them.

• Technical Proficiencies: 

  • Proficiency in Ruby on Rails Java and modern web dev (JavaScript Python etc.).

  • Deep understanding of OWASP Top 10 (XSS CSRF SQLi Cookie Manipulation etc.).

  • Practical knowledge of the OWASP Top 10 for LLM Applications (Prompt Injection Insecure Output Handling etc.).

  • Working experience in authentication: OAuth SAML and SSO.

  • General knowledge of applied cryptography.

  • Familiarity with cloud technologies and containerization.

  • Experience with SAST/DAST/SCA tools and integrating them into DevSecOps pipelines.

  • Ability to implement security guardrails for AI-driven features and validate model integrity (nice to have).

• Compliance & Audits: Knowledge of security audit certifications like PCI-DSS SOC 1 and SOC 2.

• Soft Skills: Ability to explain complex technical findings (from pentests or reviews) to both technical and non-technical audiences with empathy and clear communication.

Additional Information :

What We Offer:

• Competitive compensation
• Employee Stock Purchase Plan (ESPP)
• Flying Start - Our immersive Global Induction Program
• Work with brilliant people that will keep you on your toes learn more about their journeys by checking out #InsideFlywire on social media
• Dynamic & Global Team (we have been collaborating virtually for years!)
• Wellbeing Programs (Mental Health Wellness) with Global FlyMates
• Be a meaningful part in our success - every FlyMate makes an impact
• Competitive time off including FlyBetter Days to volunteer in a cause you believe in
• Digital Disconnect Days!
• Great Talent & Development Programs

Submit today and get started!

We are excited to get to know you! Throughout our process you can expect to meet with different FlyMates including the Hiring Manager Peers on the team the VP of the department and a skills assessment. Your Talent Acquisition Partner will walk you through the steps and be your go-to person for any questions.

Flywire is an equal opportunity employer. With over 30 nationalities across 12 different offices and diversity and inclusion at the core of our people agenda we believe our FlyMates are our greatest asset and were excited to watch our unique culture evolve with each new hire.

Flywire is an equal opportunity employer.

#LI-Hybrid

Remote Work :

No

Employment Type :

Full-time