# Security Engineer

**Company:** [Rain](https://hotfix.jobs/companies/rain)
**Location:** New York, NY
**Role:** Security Engineering
**Experience:** 4+ years
**Skills:** Semgrep, Burp Suite, Snyk, Trivy, Owasp Top 10, Threat Modeling, SAST, DAST, Sca, Iac, SDLC, Cissp, SOC 2, ISO 27001, Ebpf
**Posted:** 2026-01-15

> Leads application security assessments, vulnerability scanning, code reviews, and threat modeling. Integrates automated security tools into CI/CD pipelines and drives remediation with engineering teams. Requires 4-8+ years in app sec with hands-on tool experience.

## Job Description

## What You’ll Do

- Lead application security assessments, including vulnerability scanning, code reviews, and threat modeling with engineering teams
- Partner closely with product and development squads to drive remediation and help teams understand and resolve security findings efficiently
- Integrate and scale automated security tooling across CI/CD pipelines (**SAST**, **DAST**, **SCA**, **IaC**) to shift security left
- Develop and maintain application security standards, patterns, and guardrails that reduce risk and support rapid delivery
- Drive threat modeling and risk assessments for new features, APIs, and services
- Collaborate with Cloud & Infrastructure Security to align security controls across layers and support cloud-native security requirements
- Support incident response for application-level security events and contribute to root-cause analysis and future mitigation strategies
- Help build internal training and awareness programs to elevate secure coding and developer security literacy
- Track and surface key security metrics, trends, and continuous improvement insights to leadership

## What we're looking for

- 4–8+ years of experience in security engineering, application security, offensive security, or secure software development; strong track record of securing modern applications
- Hands-on experience with security tools such as **Semgrep**, **Burp Suite**, **Snyk**, **Trivy**, or similar for static, dynamic, and dependency security analysis
- Solid understanding of web, API, and mobile security vulnerabilities (e.g., **OWASP Top 10**, **API Top 10**)
- Experience driving or participating in threat modeling and secure design reviews
- Familiarity with cloud concepts and securing cloud workloads
- Collaborative mindset — you enjoy working closely with engineers to co-create practical security solutions
- Practical understanding of **SDLC** and integrating security into development workflows
- Ability to independently identify, prioritize, and drive remediation on critical findings
- Experience balancing security risk with business and technical constraints

### Nice to have, but not mandatory

- Experience or exposure to runtime application protection (**RASP**) or advanced monitoring (e.g., **eBPF**-based tooling)
- Experience with cloud security automation frameworks such as **Security Hub** remediations or **DLP** improvements
- Security certifications like **CISSP**, **CSSLP**, **OSCP**, **GWAPT**, or similar
- Familiarity with compliance frameworks like **SOC 2**, **ISO 27001**, **OWASP SAMM** and aligning controls
- Prior experience in fintech, payments, or highly regulated environments
- Exposure to API security tooling and design best practices

## Similar roles

- [Security Program Manager](https://hotfix.jobs/jobs/e7f7fcaf-1979-4194-9131-83689809fe47) - Forus - New York, NY
- [Safeguards Enforcement Analyst, Account Takeover & Credential Abuse](https://hotfix.jobs/jobs/31f5d0ec-9b31-4419-a4b1-2e826ec7a358) - Anthropic - San Francisco, CA - $245k – $285k/yr
- [Application Security Engineer](https://hotfix.jobs/jobs/d240253e-6098-4419-8f04-aaf793f42c03) - Zocdoc - Remote - $100k – $140k/yr
- [Detection & Mitigation Engineer](https://hotfix.jobs/jobs/61def9c4-f4a5-41a5-99c6-579a61033a73) - Cloudflare
- [Security & Compliance Operations Manager](https://hotfix.jobs/jobs/90ac6643-526f-4aeb-bb4f-d71bc1af1fcd) - Mintlify - San Francisco, CA - $120k – $180k/yr

**Apply:** https://hotfix.jobs/jobs/94d1a92c-c356-4d80-ac08-fd85bfb72820
**Canonical:** https://hotfix.jobs/jobs/94d1a92c-c356-4d80-ac08-fd85bfb72820