Senior Application Security Engineer
M&T BankSalary not specified
Full Time
Senior (5 to 8 years), Expert & Leadership (9+ years)
CA$175,000 – CA$215,000Compensation
Senior (5 to 8 years), Expert & Leadership (9+ years)Experience Level
Full TimeJob Type
UnknownVisa
Fraud Prevention, AML Compliance, Fintech, Banking, RetailIndustries
Requirements
Candidates should have over 7 years of professional experience in application security, product security, or offensive security roles. A deep understanding of common application vulnerabilities like the OWASP Top 10 and their mitigation techniques is required, along with strong proficiency in auditing code in Python, Go, or JavaScript/TypeScript. Hands-on experience with SAST, DAST, IAST, and SCA security tools, solid understanding of security principles for cloud environments (GCP & AWS) and containerized services (Docker, Kubernetes), and proven experience integrating security into the SDLC are necessary. Strong analytical, problem-solving, incident response, and communication skills are also essential.
Responsibilities
The Senior Application Security Engineer will perform security code reviews, vulnerability assessments, and penetration tests on web applications, mobile applications, and APIs. They will integrate and manage security tools within CI/CD pipelines, conduct threat modeling for new features, and triage, validate, and prioritize vulnerabilities. Responsibilities also include collaborating with engineering and product teams on secure solutions and remediation, developing security standards and documentation, managing security training for developers, developing custom scripts for security testing automation, and assisting in application security incident response activities.
Skills
Application Security
Security Code Reviews
Vulnerability Assessments
Penetration Testing
Web Applications
Mobile Applications
APIs
SDLC
Security Tools Integration
Security Culture
Sardine
Fraud prevention and compliance platform
About Sardine
Sardine.ai focuses on fraud prevention and compliance for banks, retailers, and fintech companies. Its platform offers tools for risk scoring, transaction monitoring, and customer due diligence, helping clients detect fraud and prevent money laundering. What sets Sardine.ai apart is its ability to monitor customer interactions for fraud signals, using data from over 35 providers to generate accurate risk scores. The company's goal is to enhance security and compliance for financial institutions and retailers.
San Francisco, CaliforniaHeadquarters
2020Year Founded
$73.5MTotal Funding
SERIES_BCompany Stage
Fintech, Financial ServicesIndustries
51-200Employees
Benefits
Generous compensation in cash and equity
7-year for post-termination option exercise (vs. standard 90 days)
Early exercise for all options, including pre-vested
Work from anywhere: Remote-first Culture
Unlimited paid time off and minimum 2 weeks/year of mandatory vacation
100% of health insurance, dental, and vision coverage for employees and 60% for dependents
4% matching in 401k
Company-wide offsites, the last one was at Miami
MacBook Pro delivered to your door
One-time stipend to set up a home office — desk, monitors, etc.
Monthly meal stipend
Monthly health and wellness stipend
Monthly meet-up stipend
Unlimited access to an expert financial advisory
Risks
Sophisticated synthetic identity fraud challenges traditional detection methods.
Real-time payment systems increase fraud risk, straining current detection capabilities.
Dollar-to-crypto conversion partnership may attract regulatory scrutiny.
Differentiation
Sardine offers instant settlement for NFT and cryptocurrency transactions, enhancing transaction speed.
The platform uses behavioral biometrics to monitor interactions, providing precise risk scores.
Sardine integrates data from over 35 providers for comprehensive fraud detection.
Upsides
Partnership with Experian enhances product offerings with behavioral biometrics and device intelligence.
Collaboration with Airbase expands market reach in integrated risk management solutions.
Launch of GenAI assistant, Finley, leverages AI for competitive fraud detection.
Related Jobs
RemoteRemoteApplication Security Architect
WorkwaveSalary not specified
- Full Time
- Senior (5 to 8 years), Expert & Leadership (9+ years)
RemoteSecurity Engineer, Product Security
Chainlink LabsSalary not specified
- Full Time
- Mid-level (3 to 4 years), Senior (5 to 8 years)
RemoteSenior Software Engineer, Secure Agents
Cohere$150,000 - $220,000/year
- Full Time
- Senior (5 to 8 years), Junior (1 to 2 years)
RemoteApplication Security Engineer
RxSenseSalary not specified
- Full Time
- Mid-level (3 to 4 years)
RemoteSenior Security Engineer, Application & Cloud
Rad AI$150,000 - $180,000/year
- Full Time
- Senior (5 to 8 years)
RemoteSenior Security (DevSecOps) Engineer II, Remote
AledadeSalary not specified
- Full Time
- Senior (5 to 8 years)
RemoteApplication Security Engineer - Remote
PayNearMeSalary not specified
- Full Time
- Senior (5 to 8 years)
RemotePenetration Tester
UltraViolet CyberSalary not specified
- Full Time
- Senior (5 to 8 years)
RemoteApplication Security Engineer
Motley FoolSalary not specified
- Full Time
- Junior (1 to 2 years)
RemoteSenior Threat Response Engineer (4th Shift)
Red CanarySalary not specified
- Full Time
- Senior (5 to 8 years)
RemoteSenior Intelligent Automation Engineer (Security)
NerdWallet$136,000 - $252,000/year
- Full Time
- Senior (5 to 8 years), Expert & Leadership (9+ years)