Senior Application Security Engineer at Relay

Toronto, Ontario, Canada

Compensation: Not Specified
Experience Level: Senior (5 to 8 years)
Job Type: Full Time
Visa: Unknown
Industries: FinTech

Requirements

  • 5+ years of experience in Application Security, Product Security, Penetration Testing, or similar roles
  • Expert in JavaScript, TypeScript, and Python; able to review PRs, contribute code, and create secure libraries in these languages
  • Deep understanding of OWASP Top 10 and real-world exploitation/mitigation techniques
  • Enablement focused: strives to accelerate development teams and values guardrails over gates
  • Clear communicator and collaborator who partners with developers to deliver secure value to customers
  • Strong sense of ownership and responsibility towards problems, ensuring nothing is forgotten and stakeholders are updated
  • Experience working with security tooling and monitoring/alerting systems

Responsibilities

  • Build and maintain shift-left guardrails: secure-by-default libraries and CI checks (SAST/DAST/Secrets/SCA, threat-model gates) to ensure PRs pass AppSec checks and critical issues are not merged
  • Partner with product teams to ensure application security controls are in place and secure product standards are met before shipping
  • Harden identity and account protection: engage stakeholders to implement authentication (e.g., passkeys/WebAuthn), step-up flows, and session controls; drive reductions in security violations
  • Manage software supply chain: enforce SBOM on every build, dependency pinning/owner verification, private registries/proxies, and runtime SCA detections
  • Embed security into SDLC and IDE integration: integrate into CI/CD (GitHub Actions, pipelines) for JS/TS/Python services; maintain secure coding capabilities with IDE integration
  • Partner with SREs to enable infrastructure security and embed security features into core applications and workflows
  • Handle AI security: guide features through AI risk reviews; cover OWASP Top 10 for LLMs; add safeguards for prompt injection, data leakage, excessive agency; govern AI-generated code in CI
  • Conduct threat intel and offensive testing: track emerging attacks (esp. npm and fintech), run black-box tests, support red/purple team exercises, publish actionable playbooks
  • Manage VDP and bug bounty: triage researcher reports, reproduce/assess impact, coordinate fixes, and close the loop with clear comms and durable controls
  • Evangelize security: mentor team members on secure patterns; write concise guidance and runbooks that accelerate delivery

Skills

Key technologies and capabilities for this role

TypeScript, Node.js, Postgres, AWS, SAST, DAST, SCA, SBOM, WebAuthn, Threat Modeling

Questions & Answers

Common questions about this position

What is the work arrangement for this role?

The position is hybrid.

What technical skills and technologies are required for this role?

The role involves working across TypeScript, Node.js, Postgres, and AWS cloud infrastructure, with experience in CI/CD (GitHub Actions), SAST/DAST/SCA, threat modeling, software supply chain security, and AI security practices.

What kind of team will I be working with?

You'll be part of the platform team, working closely with Site Reliability Engineers (SREs) and across product teams.

What is the company culture like for this role?

The role thrives on autonomy, curiosity, and impact in a collaborative environment focused on making Relay the safest financial platform for SMBs, with a human-centric customer experience.

What makes a strong candidate for this position?

A strong candidate blends technical depth with systems thinking, has experience with security tooling across the SDLC, and can work autonomously across teams to shift security left and evolve practices as the company scales.

Relay

Communication platform for workforce efficiency

About Relay

Relay is a communication platform aimed at improving workforce efficiency, especially for workers who do not have access to traditional communication tools or who use walkie-talkies. The platform utilizes Push-to-Talk (PTT) technology, which allows users to communicate instantly without the limitations of traditional walkie-talkies, such as limited range and security concerns. Relay includes features like GPS tracking, emergency alerts, and works on both mobile and desktop devices, all controlled through a voice interface. Unlike its competitors, Relay focuses on providing a subscription service that includes software integrations and regular updates to adapt to the changing needs of businesses. The main goal of Relay is to enhance communication for active workers, ensuring they can connect efficiently and safely.

Headquarters: Raleigh, North Carolina
Year Founded: 2015
Total Funding: $46.7M
Company Stage: Series B
Industries: Consulting, Enterprise Software
Employees: 201-500

Benefits

Health, dental & vision
PTO
Paid sick leave
401(k) with 3% match
Paid parental leave
Connection & wellness credit
Equipment & tools
Flexible work environment
Free snacks & fun times

Risks

Emerging competitors like Apiture and Vantaca threaten Relay's market share.
Rapid AI translation advancements by others could outpace Relay's TeamTranslate feature.
Reliance on Series B funding may lead to financial instability if growth targets aren't met.

Differentiation

Relay offers real-time language translation for frontline teams, enhancing communication efficiency.
The platform integrates GPS tracking and emergency alerts, ensuring worker safety and coordination.
Relay's voice interface eliminates the need for traditional bulky walkie-talkies, improving mobility.

Upsides

Relay's Series B funding of $35M supports growth in productivity and safety features.
The demand for cloud-based communication platforms is rising, benefiting Relay's scalable solutions.
Advancements in voice interface technology enhance Relay's user interaction and accessibility.
