Skip to content
RainRainNew York, NY

Security Engineer

Leads application security assessments, vulnerability scanning, code reviews, and threat modeling. Integrates automated security tools into CI/CD pipelines and drives remediation with engineering teams. Requires 4-8+ years in app sec with hands-on tool experience.

Salary not listed
Hybrid4+ YOESecurity Engineering

About the role

What You’ll Do

  • Lead application security assessments, including vulnerability scanning, code reviews, and threat modeling with engineering teams
  • Partner closely with product and development squads to drive remediation and help teams understand and resolve security findings efficiently
  • Integrate and scale automated security tooling across CI/CD pipelines (SAST, DAST, SCA, IaC) to shift security left
  • Develop and maintain application security standards, patterns, and guardrails that reduce risk and support rapid delivery
  • Drive threat modeling and risk assessments for new features, APIs, and services
  • Collaborate with Cloud & Infrastructure Security to align security controls across layers and support cloud-native security requirements
  • Support incident response for application-level security events and contribute to root-cause analysis and future mitigation strategies
  • Help build internal training and awareness programs to elevate secure coding and developer security literacy
  • Track and surface key security metrics, trends, and continuous improvement insights to leadership

What we're looking for

  • 4–8+ years of experience in security engineering, application security, offensive security, or secure software development; strong track record of securing modern applications
  • Hands-on experience with security tools such as Semgrep, Burp Suite, Snyk, Trivy, or similar for static, dynamic, and dependency security analysis
  • Solid understanding of web, API, and mobile security vulnerabilities (e.g., OWASP Top 10, API Top 10)
  • Experience driving or participating in threat modeling and secure design reviews
  • Familiarity with cloud concepts and securing cloud workloads
  • Collaborative mindset — you enjoy working closely with engineers to co-create practical security solutions
  • Practical understanding of SDLC and integrating security into development workflows
  • Ability to independently identify, prioritize, and drive remediation on critical findings
  • Experience balancing security risk with business and technical constraints

Nice to have, but not mandatory

  • Experience or exposure to runtime application protection (RASP) or advanced monitoring (e.g., eBPF-based tooling)
  • Experience with cloud security automation frameworks such as Security Hub remediations or DLP improvements
  • Security certifications like CISSP, CSSLP, OSCP, GWAPT, or similar
  • Familiarity with compliance frameworks like SOC 2, ISO 27001, OWASP SAMM and aligning controls
  • Prior experience in fintech, payments, or highly regulated environments
  • Exposure to API security tooling and design best practices

Skills

SemgrepBurp SuiteSnykTrivyOwasp Top 10Threat ModelingSASTDASTScaIacSDLCCisspSOC 2ISO 27001Ebpf
Forus

Security Program Manager

ForusNew York, NY

Own end-to-end compliance programs (SOC 2, HIPAA, HITRUST), build customer trust function, implement automation, and partner with engineering on controls for a healthcare AI platform handling protected health information.

Salary not listed
On-site4+ YOESecurity Engineering
Anthropic

Safeguards Enforcement Analyst, Account Takeover & Credential Abuse

AnthropicSan Francisco, CA +2

Safeguards Enforcement Analyst focused on account takeover and credential abuse. Investigate compromise incidents, design remediation workflows, partner with engineering on detection, enforce AI usage policies, and develop scalable enforcement programs for platform safety.

245k – 285k/yr
HybridSecurity Engineering
Zocdoc

Application Security Engineer

ZocdocUnited States

Application Security Engineer partnering with engineering teams to embed security into the SDLC, triage SAST/SCA findings, provide remediation guidance on OWASP issues, maintain security docs/playbooks, support governance/audits, and integrate GenAI tools while building AI governance guardrails.

100k – 140k/yr
RemoteSecurity Engineering
Cloudflare

Detection & Mitigation Engineer

CloudflareUnited States

Security Detections Engineer identifying attacker TTPs, building real-time detections, and mitigating threats/abuse across Cloudflare's global platform using data analysis, SQL, scripting, and threat intelligence. Requires strong analytical and communication skills.

Salary not listed
HybridSecurity Engineering
Mintlify

Security & Compliance Operations Manager

MintlifySan Francisco, CA

Own and run Mintlify's end-to-end security and compliance programs (SOC 2, ISO 27001/42001, GDPR, Microsoft SSPA) as the first dedicated GRC Program Manager. Administer Drata, manage audits/vendors/evidence, handle customer-facing compliance, and coordinate with engineering.

120k – 180k/yr
On-site3+ YOESecurity Engineering