Senior Application Security Engineer

At Beyond Finance, we’ve made DEBUG... The rest of the text continues exactly as provided until the paragraph following "($140,000 - $170,000 USD)". Here are the adjustments:

• Lead and evolve the company’s application security strategy, roadmap, and day‑to‑day operations.
• Serve as the primary App Sec partner for numerous dev teams working on Ruby on Rails web apps, React Native mobile apps, and various other projects including Python and Go.
• Provide security guidance during design, development, and code review for new features and projects.
• Drive adoption of secure coding practices and threat‑modeling across engineering teams.

• Manage and optimize existing App Sec tooling, including:
• Git Hub Advanced Security (SAST, SCA, Secret Scanning)
• Invicti (DAST)
• Hadrian (ASM)
• Improve automation and integration of security tools into CI/CD pipelines.
• Identify and implement additional tools or processes to strengthen the security posture.
• Build and maintain secure development standards, playbooks, and training materials.
• Partner with engineering teams during sprint planning and feature design to proactively address risks.
• Conduct security reviews, code assessments, and vulnerability triage with development teams.

• Work with Dev Ops to ensure secure AWS infrastructure deployments and configurations.
• Contribute to hardening efforts across ECS, IAM, networking, and supporting cloud services.
• Assist in designing and maintaining secure CI/CD workflows.

• Lead or support investigation and remediation of application‑level vulnerabilities.
• Monitor, prioritize, and track findings from SAST/DAST/ASM tools.
• Collaborate with engineering to ensure timely and effective remediation.

• 3–7+ years of experience in Application Security, Product Security, or related engineering roles.
• Strong understanding of secure coding practices, common vulnerabilities (OWASP Top 10), and modern SDLC.
• Experience working with cloud‑native applications, ideally in AWS.
• Understanding of SSL certificates & cryptographic key management
• Hands‑on experience with SAST, DAST, WAFs, and/or mobile application security tools.
• Ability to partner effectively with developers and influence secure design decisions.
• Familiarity with Git Hub‑based workflows and CI/CD pipelines.

• Development experience with Ruby on Rails or similar dynamic languages.
• Knowledge of AWS ECS/EKS, container security, secrets management and infrastructure‑as‑code (Cloud Formation, Terraform).
• Experience building or maturing an App Sec program from early stages.
• SOAR Automation & Scripting experience
• Experience working in a PCI compliant environment working with annual reporting needs

• High ownership role where you define the App Sec roadmap.
• Modern engineering environment with strong leadership support for security.
• Opportunity to influence architecture, tooling, and culture across the entire development organization.
• Competitive compensation, benefits, and growth opportunities.

$140,000 - $170,000 USD

• Considerable employer contributions for health, dental, and vision programs
• Generous PTO, paid holidays, and paid parental leave
• 401(k) matching program

And finally, our team spirit and culture! We cultivate an environment of community, connection, and belonging across our entire organization.

Beyond Finance does not accept unsolicited resumes from individual recruiters or third-party recruiting agencies in response to job positions. No fee will be paid to their parties who submit unsolicited candidates directly to Beyond Finance employees or the Beyond Finance HR team. No placement fee will be paid to any third party unless such a request has been made by the Beyond HR team.