Job DescriptionFlywire is seeking an eager and skillful Application Security Engineer to join our elite Security Team. You will support our security efforts across our global development houses, ensuring the privacy and safety of our most confidential business and personal information.
Your Impact & Key Responsibilities
Security by Design & Architecture
Define the Standard: Draft comprehensive security requirements for every new system, service, or integration needed by Flywire.
Lead the Blueprint: Own the threat modeling and secure architecture initiatives to prevent vulnerabilities at the design stage.
Technical Leadership: Perform lead tasks, providing guidance to other team members and setting technical standards.
Engineering Partnership & Collaboration
Embed with Teams: Attend engineering syncs and collaborate frequently with different squads to identify and address security issues in real time.
Full-Stack Reviews: Perform deep-dive security reviews, from meticulous source code auditing to dynamic testing of live applications.
Review & Integrate: Execute technical tasks on change and integration reviews to ensure "security-first" deployments.
S-SDLC Mastery
End-to-End Ownership: Be an active part of the secure software development lifecycle (S-SDLC).
Hands-on Remediation: Don't just find flaws—provide expert guidance to developers on how to mitigate and fix them effectively.
QualificationsHere's What We're Looking For
The Experience
4+ years in Application Security (AppSec).
Proven experience performing web application penetration tests and vulnerability research.
Strong skills in source code auditing and development of custom security tools.
The Tech Stack & Knowledge
Deep-dive Pentesting & Source Code Auditing: Proficiency in Ruby on Rails, Python, Bash, Java, Node.js, among others, focusing on identifying vulnerabilities at the logic and code level.
The "Breaker" Mindset: Ability to think like an attacker to identify flaws while effectively crafting mitigating controls.
Modern Standards: Deep understanding of OWASP Top 10 and the OWASP Top 10 for LLM Applications (AI-driven security).
Authentication: Working experience with OAuth, SAML, and SSO.
DevSecOps: Experience with SAST/DAST/SCA tools and integrating them into CI/CD pipelines.
Compliance: Knowledge of security audit certifications such as PCI-DSS, SOC 1, and SOC 2.
Soft Skills
Master Communicator: Ability to explain complex technical findings to both technical and non-technical audiences with empathy and clarity.
What We Offer
Competitive compensation
Employee Stock Purchase Plan (ESPP)
Flying Start – Our immersive Global Induction Program
Work with brilliant people that will keep you on your toes, and learn more about their journeys by checking out #InsideFlywire on social media
Dynamic & Global Team (we have been collaborating virtually for years!)
Wellbeing Programs (Mental Health, Wellness) with Global FlyMates
Be a meaningful part of our success – every FlyMate makes an impact
Competitive time off including FlyBetter Days to volunteer in a cause you believe in
Digital Disconnect Days!
Great Talent & Development Programs
Application ProcessSubmit today and get started! We are excited to get to know you! Throughout our process you can expect to meet with different FlyMates including the Hiring Manager, peers on the team, the VP of the department, and a skills assessment. Your Talent Acquisition Partner will walk you through the steps and be your "go-to" person for any questions.
Flywire is an equal opportunity employer. With over 30 nationalities across 12 different offices, and diversity and inclusion at the core of our people agenda, we believe our FlyMates are our greatest asset, and we're excited to watch our unique culture evolve with each new hire.
#J-18808-Ljbffr