Senior Application Security Engineer

Imprint

Senior Application Security Engineer ensuring secure development of fintech applications. Conducting threat modeling, security architecture reviews, and collaborating with engineering teams in a fast-paced environment.

Posted 5/15/2026full-timeNew York City • New York • 🇺🇸 United StatesSenior💰 $170,000 - $220,000 per yearWebsite

Tech Stack

Tools & technologies

AWSAzureCloudCyber SecurityGoogle Cloud PlatformMicroservicesSwift

About the role

Key responsibilities & impact

Conduct systematic threat modeling (e.g., leveraging the MITRE ATT&CK framework) to identify risks, define attack paths, and propose mitigations early in the development lifecycle.
Perform in-depth security architecture reviews to ensure applications and microservices follow secure design principles.
Collaborate with engineering teams to conduct code reviews, pinpoint vulnerabilities, and champion OWASP Top 10 best practices.
Integrate SAST and DAST into CI/CD pipelines, ensuring continuous and automated detection of security flaws.
Analyze testing reports and guide teams toward swift, effective remediation strategies.
Perform or coordinate targeted penetration tests on critical applications and systems.
Document findings and partner with engineers to implement sustainable fixes.
Advise on symmetric and asymmetric encryption mechanisms to safeguard data at rest and in transit.
Oversee secure key management, ensuring cryptographic libraries and protocols are properly utilized.
Develop and deliver training on secure coding fundamentals and OWASP principles.
Lead the “shift-left” security movement by embedding security considerations in early stages of development—a strong development background is required to effectively collaborate and coach.
Investigate and document application-focused security incidents.
Maintain and refine incident response playbooks, integrating lessons learned into ongoing improvements.
Align AppSec practices with PCI DSS, SOC 2, and relevant frameworks to support regulatory audits.
Work closely with Risk, Fraud, and Compliance teams to ensure continuous alignment between engineering, security, and business goals.

Requirements

What you’ll need

5+ years in cybersecurity, specifically focused on Application Security.
Hands-on coding experience and familiarity with modern development stacks (e.g., microservices, REST APIs, containerized environments).
Proficiency with SAST/DAST tools, threat modeling methodologies (e.g., MITRE ATT&CK), cryptography concepts (key management, encryption standards), and cloud security services (AWS, GCP, or Azure).
Excellent communication, collaboration, and problem-solving skills in a fast-paced, cross-functional setting.

Benefits

Comp & perks

Competitive compensation and equity packages
Leading configured work computers of your choice
Flexible paid time off
Fully covered, high-quality healthcare, including fully covered dependent coverage
Additional health coverage includes access to One Medical and the option to enroll in an FSA
20 weeks of paid parental leave for the primary caregiver and 8 weeks for all new parents
Access to industry-leading technology across all of our business units, stemming from our philosophy that we should invest in resources for our team that foster innovation, optimization, and productivity

ATS Keywords

✓ Tailor your resume

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

threat modelingsecurity architecture reviewscode reviewsSASTDASTpenetration testingencryption mechanismssecure codingincident responsecloud security

Soft Skills

communicationcollaborationproblem-solvingleadership