Senior Application Security Engineer at Relay

Toronto, Ontario, Canada

Compensation: Not Specified
Experience Level: Senior (5 to 8 years)
Job Type: Full Time
Visa: Unknown
Industries: FinTech

Requirements

  • 5+ years of experience in Application Security, Product Security, Penetration Testing, or similar roles
  • Expert in JavaScript, TypeScript, and Python; able to review PRs, contribute code, and create secure libraries in these languages
  • Deep understanding of OWASP Top 10 and real-world exploitation/mitigation techniques
  • Enablement focused: strives to accelerate development teams and values guardrails over gates
  • Clear communicator and collaborator who partners with developers to deliver secure value to customers
  • Strong sense of ownership and responsibility towards problems, ensuring nothing is forgotten and stakeholders are updated
  • Experience working with security tooling and monitoring/alerting systems

Responsibilities

  • Build and maintain shift-left guardrails: secure-by-default libraries and CI checks (SAST/DAST/Secrets/SCA, threat-model gates) to ensure PRs pass AppSec checks and critical issues are not merged
  • Partner with product teams to ensure application security controls are in place and secure product standards are met before shipping
  • Harden identity and account protection: engage stakeholders to implement authentication (e.g., passkeys/WebAuthn), step-up flows, and session controls; drive reductions in security violations
  • Manage software supply chain: enforce SBOM on every build, dependency pinning/owner verification, private registries/proxies, and runtime SCA detections
  • Embed security into SDLC and IDE integration: integrate into CI/CD (GitHub Actions, pipelines) for JS/TS/Python services; maintain secure coding capabilities with IDE integration
  • Partner with SREs to enable infrastructure security and embed security features into core applications and workflows
  • Handle AI security: guide features through AI risk reviews; cover OWASP Top 10 for LLMs; add safeguards for prompt injection, data leakage, excessive agency; govern AI-generated code in CI
  • Conduct threat intel and offensive testing: track emerging attacks (esp. npm and fintech), run black-box tests, support red/purple team exercises, publish actionable playbooks
  • Manage VDP and bug bounty: triage researcher reports, reproduce/assess impact, coordinate fixes, and close the loop with clear comms and durable controls
  • Evangelize security: mentor team members on secure patterns; write concise guidance and runbooks that accelerate delivery

Skills

TypeScript
Node.js
Postgres
AWS
SAST
DAST
SCA
SBOM
WebAuthn
Threat Modeling

Relay

Communication platform for workforce efficiency

About Relay

Relay is a communication platform aimed at improving workforce efficiency, especially for workers who do not have access to traditional communication tools or who use walkie-talkies. The platform utilizes Push-to-Talk (PTT) technology, which allows users to communicate instantly without the limitations of traditional walkie-talkies, such as limited range and security concerns. Relay includes features like GPS tracking, emergency alerts, and works on both mobile and desktop devices, all controlled through a voice interface. Unlike its competitors, Relay focuses on providing a subscription service that includes software integrations and regular updates to adapt to the changing needs of businesses. The main goal of Relay is to enhance communication for active workers, ensuring they can connect efficiently and safely.

Headquarters: Raleigh, North Carolina
Year Founded: 2015
Total Funding: $46.7M
Company Stage: Series B
Industries: Consulting, Enterprise Software
Employees: 201-500

Benefits

Health, dental & vision
PTO
Paid sick leave
401(k) with 3% match
Paid parental leave
Connection & wellness credit
Equipment & tools
Flexible work environment
Free snacks & fun times

Risks

Emerging competitors like Apiture and Vantaca threaten Relay's market share.
Rapid AI translation advancements by others could outpace Relay's TeamTranslate feature.
Reliance on Series B funding may lead to financial instability if growth targets aren't met.

Differentiation

Relay offers real-time language translation for frontline teams, enhancing communication efficiency.
The platform integrates GPS tracking and emergency alerts, ensuring worker safety and coordination.
Relay's voice interface eliminates the need for traditional bulky walkie-talkies, improving mobility.

Upsides

Relay's Series B funding of $35M supports growth in productivity and safety features.
The demand for cloud-based communication platforms is rising, benefiting Relay's scalable solutions.
Advancements in voice interface technology enhance Relay's user interaction and accessibility.
