Security Engineer, Application Security

Job Title: Security Engineer Application Security

Salary Range: $109221 - $114221/year

Job Location: 141 Tremont St 10th Floor Boston MA 02111; Telecommuting permissible from
any location within US

Job Description: Responsible for ensuring the security of applications and software systems developed and used within the organization. This role involves conducting application security reviews performing secure code analysis integrating security testing into CI/CD pipelines and guiding developers on secure coding practices. Design and implement security protocols for Healthcare EDU and B2B applications conducting regular threat modeling and vulnerability assessments to identify and mitigate risks and developing and deploying cryptographic solutions to protect sensitive data. Analyze and interpret student-related data from Indian and Chinese markets to inform strategies for mitigating payer fraud and enhancing security for international student transactions. Telecommuting permissible from any location within US.

Requirements: Masters degree or foreign equivalent in Computer Science with a specialization in Information Security or a related field and one (1) of experience in computer science information security application security or a closely related role. 

Experience and/or education must include:

1. Vulnerability & Risk Management: Perform comprehensive vulnerability management and risk assessments using industry tools such as Tenable and Qualys. Deliver actionable reports with remediation guidance and continuously monitor and triage alerts with SIEM platforms including Splunk Sumo Logic ELK and Wazuh.
2. Application Security Testing: Conduct hands-on application security testing using a variety of SAST SCA and DAST tools including Veracode BurpSuite Snyk Semgrep OWASP ZAP Arachni SonarQube and OWASP Dependency-Check.
3. Secure Software Development: Develop and review secure applications in programming languages such as Ruby on Rails Java Python and Go focusing on modern UI web interfaces (e.g. JavaScript ReactJS AngularJS ). Ensure adherence to secure coding standards (OWASP Top 10) and protect against threats like XSS and SQL injection.
4. Threat Modeling & Security Architecture: Conduct peer code reviews perform in-depth threat modeling using methodologies like STRIDE and execute security architecture assessments to proactively identify and mitigate risks throughout the software development lifecycle.
5. DevSecOps & CI/CD Integration: Embed security into CI/CD pipelines specifically within GitLab by writing custom jobs and rules. Integrate and automate security tools like Trivy
6. Sensitivity: Confidential and Semgrep to ensure continuous security checks and early vulnerability detection within a DevSecOps framework.
7. Data Security & Cryptography: Securely handle sensitive data using credential management tools like HashiCorp Vault. Design and implement strong cryptographic techniques including AES RSA ECC and various hashing algorithms.
8. Cloud Security & Compliance: Review and enforce cloud security best practices for AWS and GCP environments. Conduct internal and external security audits aligned with compliance frameworks such as SOC II Type 2 ISO 27002 NIST and PCI and prepareassociated reports and policy updates.
9. Authentication & Authorization: Design and implement robust authentication and authorization systems utilizing protocols such as OAuth 2.0 SAML JWT and access control models like RBAC/ABAC.
10. Security Automation: Develop custom security software using Python Bash and Ruby to automate security processes from vulnerability scanning to incident response.
11. Client & Third-Party Support: Support client and third-party security audits by preparing responses to security assessments and risk questionnaires including those from platforms like OneTrust.

CONTACT: Reference job #and send resume to

Additional Information :

Submit today and get started!

We are excited to get to know you! Throughout our process you can expect to meet different FlyMates including the Hiring Manager and other Flymates. Your Talent Acquisition Partner will walk you through the steps and be your go-to person for questions.

Flywire is an equal opportunity employer and follows a policy of administering all employment decisions and personnel actions without regard to race color religion sex pregnancy gender identity national origin age ancestry physical or mental disability sexual orientation genetic disposition or carrier status veteran status or any other category protected under applicable national federal state or local law.

Remote Work :

No

Employment Type :

Full-time