Application Security Engineer
United States (Remote)
One’s mission is simple - to help customers achieve financial progress. We’re doing this by creating simple solutions to help our customers save, spend, borrow, and grow their money – all in one place.
The U.S. consumer today deserves better. Millions of Americans today can’t access credit, build savings or wealth, and are left to manage their financial lives through multiple disconnected apps. Almost a quarter of U.S. adults are unbanked or underbanked and roughly 80% of fintech users rely on multiple accounts to manage their finances.
What makes us unique? We are backed by a preeminent fintech investor (Ribbit) and the world’s largest retailer (Walmart), maintain the speed and independence of a startup, and employ a strong (and growing) collection of world-class talent.
There’s never been a better moment to build a business that helps people achieve financial progress. Come build with us!
The role
As an Application Security Engineer, you'll be responsible for ensuring that One delivers secure and reliable applications at scale. By partnering with engineers to build security into the product from the ground up, creating engineering tools and workflows that test and validate artifacts, and actively developing security frameworks, you’ll be the champion of modern Application Security Engineering at One and have a direct impact on the security of all of our products. You’ll provide subject-matter expertise to product teams regarding security best practices, optimize our secure coding practices, and use offensive security techniques to harden our environment and help improve our overall security practices.
This role is responsible for:
Ensuring the quality and security of our applications and products by guiding their development through the Secure Development Lifecycle (SDLC) process.
Performing SAST/DAST and penetration testing on core application services, web applications, and mobile applications.
Developing, maintaining, and extending our in-house application security and penetration testing automated testing framework.
Developing safe libraries and hardening existing libraries and frameworks to eliminate classes of vulnerabilities.
Ensuring SDLC practices are enforced via Infrastructure-As-Code (IaC) policies, wherever possible.
Working closely with Engineering teams to validate the security posture of new features prior to production deployment.
Triaging and validating security vulnerabilities found or reported, and serving as a subject-matter expert in AppSec to the Engineering team in identifying and implementing mitigation solutions.
Refactoring and deploying secure libraries and frameworks across the code repository.
Training engineers, architects, code reviewers, and others on secure coding practices.
Contributing to application threat …
Job Profile
Remote
Benefits/Perks
- Competitive cash benefits
- Early access to a high potential, high growth fintech
- Effective on day one
- Flat titling structure
- Flexible time off programs
- Generous stock option packages
- Office friendly
- Other available benefits
- Pay Transparency
- Remote Friendly
Tasks
- Ensure application security
- Perform penetration testing
Android, API, API Development, Application Development, Application Security, Automated Testing, AWS, CI/CD, Compliance, CVSS, DAST, Datadog, DevSecOps, Engineering, Fintech, GraphQL, Infrastructure, Infrastructure as Code, iOS, Kubernetes, Library development, MITRE ATT&CK, OWASP, Penetration Testing, Product Development, Product Management, RDS, React, Regulatory Compliance, SAST, Secure coding, Secure coding practices, Security, Security Engineering, Security frameworks, TypeScript, VPC
Experience
4 years
Education
Timezones
America/Anchorage, America/Chicago, America/Denver, America/Los_Angeles, America/New_York, Pacific/Honolulu, UTC-10, UTC-5, UTC-6, UTC-7, UTC-8, UTC-9