Application Security Engineer
Rain
Remote
Posted on Thursday, October 5, 2023
Rain is a venture-backed fintech with a mission to enable billions of people to reach financial freedom. Our first product gives employees instant access to their earned wages, enabling people to start their journey to financial success. Rain is the fastest-growing startup in the category and was incubated with QED Capital, a top fintech venture fund.
The Application Security Engineer will conduct mobile, API, and web application security and host infrastructure penetration testing engagements, interacting with multiple development squads to help us reduce our risks and implement improvements in our systems. This position is technically grounded and will also partner with our cloud security and governance, risk, and compliance teams to enhance cloud security monitoring and defense, as well as the company’s security awareness posture.
Key Responsibilities
- Conduct application security assessments (web, mobile, API, etc.) using off-the-shelf or internally developed exploitation tools to execute manual testing for advanced attacks
- Perform periodic penetration testing and security consulting engagements, and provide the company’s internal team with detailed insights and correction recommendations via professionally written reports and/or Jira tickets
- Build and maintain an easy-to-understand security issues management dashboard
- Work closely with developer teams to ensure that any identified vulnerabilities are fully corrected within the company’s designated policy timeframes
- Provide real-time monitoring and support in the event of any major company cybersecurity attacks
- Provide ongoing support to the cloud security team, including basic monitoring and defense of the company’s cloud-based systems
- Work in partnership with the cloud security team on cloud security automation tasks
- Perform proactive research to identify and understand new threats, vulnerabilities, and exploits that could threaten the company’s operations
- Partner with the Governance, Risk, & Compliance Specialist to develop and implement security awareness training, including informative videos, periodic phishing campaigns, secure code development training for developers, and other materials as needed
Skills
- Advanced English speaking, reading, and writing skills
- Superior problem solving and troubleshooting skills
- Excellent technical skills, including application, web app, mobile and API penetration testing; network, infrastructure, and wireless penetration testing; Red Team and Social Engineering; secure code review; security tool development (as needed)
- Proficient communication and interpersonal skills, with an ability to articulate complex technical concepts to non-technical stakeholders and to collaborate with other teams
- Willingness to learn new tools, concepts, and systems
- Nice to have (but not required!): AWS security certifications, as many of these skills can be learned on the job
Experience
- 3+ years of experience with commercial penetration testing, with OSCP and/or CPTE certification, or 5+ years of experience with commercial penetration testing
- Proficient knowledge of back-end programming languages; experience with Go (Golang) is highly preferred
- Understanding of front-end technologies and platforms, especially React and React Native
- Solid understanding of REST API design, development, and security standards (OAuth)
- Experience in designing and scaling event-driven microservice architectures, using messaging bus/queue technologies such as Kafka and stream processing
- Management of hosting environment, including database administration and scaling an application to support load changes
- Experience in data pipelines that integrate with multiple data sources, including data ingestion and transformation
- Familiarity with Agile development methodologies and best practices
*Note: Examples of past work may be required as part of the hiring process
As an equal opportunity employer, Rain is committed to diversity, equity, and inclusion. Our people bring our products and organization to life, and every unique perspective makes us better. If you need accommodation in the recruiting process due to a disability, please email globalpeopleteam@rain.us or let your recruiter know.