Security Engineer, Application Security

Job Title

Security Engineer, Application Security

$109,221 - $114,221/year

141 Tremont St, 10th Floor, Boston, MA 02111;
Telecommuting permissible from any location within US

Responsible for ensuring the security of applications and software systems developed and used within the organization. This role involves conducting application security reviews, performing secure code analysis, integrating security testing into CI/CD pipelines, and guiding developers on secure coding practices. Design and implement security protocols for Healthcare, EDU, and B2B applications, conducting regular threat modeling and vulnerability assessments to identify and mitigate risks, and developing and deploying cryptographic solutions to protect sensitive data.

Analyze and interpret student-related data from Indian and Chinese markets to inform strategies for mitigating payer fraud and enhancing security for international student transactions.

Master’s degree or foreign equivalent in Computer Science with a specialization in Information Security, or a related field, and one (1) of experience in computer science, information security, application security or a closely related role.

• Vulnerability &
  
  Risk Management:
  
  Perform comprehensive vulnerability management and risk assessments using industry tools such as Tenable and Qualys. Deliver actionable reports with remediation guidance and continuously monitor and triage alerts with SIEM platforms including Splunk, Sumo Logic, ELK, and Wazuh.
• Application Security Testing:
  Conduct hands‑on application security testing using a variety of SAST, SCA, and DAST tools, including Veracode, Burp Suite, Snyk, Semgrep, OWASP ZAP, Arachni, Sonar Qube, and OWASP Dependency-Check.
• Threat Modeling & Security Architecture:
  Conduct peer code reviews, perform in-depth threat modeling using methodologies like STRIDE, and execute security architecture assessments to proactively identify and mitigate risks throughout the software development lifecycle.
• Dev Sec Ops  & CI/CD Integration:
  Embed security into CI/CD pipelines, specifically within Git Lab, by writing custom jobs and rules. Integrate and automate security tools like Trivy and Semgrep to ensure continuous security checks and early vulnerability detection within a Dev Sec Ops  framework.
• Data Security & Cryptography:
  Securely handle sensitive data using credential management tools like Hashi Corp Vault. Design and implement strong cryptographic techniques, including AES, RSA, ECC, and various hashing algorithms.
• Cloud Security & Compliance:
  Review and enforce cloud security best practices for AWS and GCP environments. Conduct internal and external security audits aligned with compliance frameworks such as SOC II Type 2, ISO 27002, NIST, and PCI, and prepare associated reports and policy updates.
• Authentication & Authorization:
  Design and implement robust authentication and authorization systems utilizing protocols such as OAuth 2.0, SAML, JWT, and access control models like RBAC/ABAC.
• Security Automation:
  Develop custom security software using Python, Bash, and Ruby to automate security processes, from vulnerability scanning to incident response.
• Client & Third-Party Support:
  Support client and third‑party security audits by preparing responses to security assessments and risk questionnaires, including those from platforms like One Trust.

Reference job #9786162 – Email:

Flywire is an equal opportunity employer and follows a policy of administering all employment decisions and personnel actions without regard to race, color, religion, sex, pregnancy, gender identity, national origin, age, ancestry, physical or mental disability, sexual orientation, genetic disposition or carrier status, veteran status, or any other category protected under applicable national, federal, state or local law.