Senior Application Security Engineer jobs in United States

Rain · 4 months ago

Senior Application Security Engineer

Rain is the fastest-growing earned wage access fintech in the U.S., serving millions of employees and backed by top investors. They are seeking a skilled and driven Senior Application Security Engineer to join their Security team, focusing on secure software development and cloud-native defense while collaborating with engineering squads and improving application security posture.

Blockchain, Cryptocurrency, Decentralized Finance (DeFi), FinTech, Web3
H1B Sponsor Likely

Responsibilities

Collaborate with development squads to validate vulnerabilities and provide actionable remediation guidance aligned with business risk
Drive threat modeling sessions (e.g., STRIDE, PASTA) for critical systems and APIs
Design, implement, and oversee automated processes for securely updating application and code dependencies, proactively mitigating issues and ensuring timely vulnerability remediation
Integrate security checks into CI/CD pipelines (SAST, DAST, SCA, IaC), working with tools like Semgrep, Snyk, Trivy, and Burp Suite
Contribute to runtime security initiatives, such as container/Kubernetes hardening, RASP, and eBPF-based detection
Build and maintain a security issues dashboard to track remediation status and metrics
Provide real-time support in the event of cybersecurity incidents impacting applications or cloud infrastructure (exploited vuln, credential stuffing, web/API attacks)
Partner with the Cloud Security team on security automation tasks and monitoring improvements (e.g., Security Hub remediation automations, DLP monitoring, etc.)
Conduct proactive research on new threats, vulnerabilities, and attack techniques relevant to Rain’s architecture
Collaborate with the GRC team to develop and deliver internal security awareness initiatives, phishing campaigns, and developer training (e.g., secure coding, API security)
Participate in the continuous improvement of AppSec maturity (e.g., aligning with OWASP SAMM, ISO 27001, or SOC 2 frameworks)

Qualification

Application security, SAST tools, DAST tools, Cloud security, Penetration testing, Secure code development, Vulnerability assessment, CI/CD security, Microservices architecture, Agile methodologies, Software supply chain security, Logging, Monitoring tools, Bug bounty triage, LLM/AI security, Security certifications, Fluent English, Problem-solving, Communication skills

Required

Fluent English, including strong verbal and written skills
Strong problem-solving and analytical mindset
Excellent communication skills to convey security risks to technical and non-technical stakeholders
3–5+ years of experience in application security, penetration testing roles, and/or secure code development, including work with QA teams
Hands-on experience with SAST, DAST, and SCA tools (e.g., Semgrep, Burp, Snyk)
Deep understanding of web, mobile, and API vulnerabilities (OWASP Top 10, API Top 10, MITRE CWE)
Proven expertise in performing code review or security assessments and writing clear reports
Proficiency in at least one backend language (e.g., Go, Python, Node.js) and understanding of React / React Native front-ends
Familiarity with secure architecture of microservices, event-driven systems, and REST APIs using OAuth2/OpenID Connect
Experience securing CI/CD pipelines and integrating AppSec tooling into SDLC
Solid knowledge of containerization and Kubernetes security fundamentals
Understanding of cloud security (preferably AWS), including IAM principles, cloud-native service configurations, and network segmentation
Comfortable with Agile development methodologies and working within cross-functional squads
Software supply chain security (e.g., SBOM, artifact signing)

Preferred

Certifications such as OSCP, OSWE, GWAPT, CPTE, or CSSLP
AWS, GCP, or Azure Security Specialty certification
Familiarity with bug bounty triage and vulnerability management platforms (e.g., DefectDojo)
Experience implementing RASP or eBPF runtime protection tools
Exposure to LLM/AI security considerations and secure code generation practices
Familiarity with logging and monitoring tools (e.g., CloudWatch, Datadog, Grafana)

Company

Rain

Rain is a stablecoin infrastructure platform offering wallets and global transfers through a unified API for enterprises and neobanks.

H1B Sponsorship

Rain has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by the US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship]
Trends of Total Sponsorships
2025 (2)
2023 (1)
2022 (1)
2021 (1)

Funding

Current Stage: Growth Stage
Total Funding: $332.5M
Key Investors: ICONIQ Capital, Sapphire Ventures, Norwest
2026-01-09: Series C · $250M
2025-08-28: Series B · $58M
2025-03-24: Series A · $24.5M

Leadership Team

Farooq Malik, Co-Founder and CEO
Charles Yoo-Naut, Co-Founder and CTO
Company data provided by Crunchbase