Sr. Application Security Engineer - Consumer Fintech

Sr. Application Security Engineer - Consumer Fintech Company

Location:
Morristown, NJ. You can work remotely 3x/week.

The company's product involves consumer fintech and smart home technology.

The company has about 600 employees and 150 engineers. The company is publicly traded, and revenues have been rapidly growing.

The company will pay up to $235k in salary, plus RSUs.

• Driving application security outcomes across the engineering organization.
• The position is application-security–first, with intentional overlap into cloud and platform security where application code, identity, CI/CD pipelines, and infrastructure intersect.
• While the role does not own infrastructure, security programs, or formal departmental priorities, it is accountable for identifying application-centric risks and guiding high-impact security decisions through expertise, partnership, and advisory influence.
• Operating with significant autonomy, owning complex and ambiguous security challenges end-to-end, ensuring outcomes align with business objectives and risk tolerance.
• Focused on technical leadership, cross-functional collaboration, and mentorship rather than people management.
• Serve as a senior subject matter expert in application security, providing authoritative guidance on secure design, authentication, identity flows, API security, and cloud-native application risks.
• Acting as a trusted security advisor during architecture reviews, design discussions, and risk assessments across multiple teams and services.
• Identifying, assessing, and clearly communicating application-centric security risks across application code, CI/CD pipelines, identity systems, and cloud environments.
• Independently owning and drive resolution of complex and ambiguous application security challenges with broad organizational impact.
• Applying threat modeling, attack-path analysis, and adversarial thinking to inform defensive improvements and strengthening application resilience.
• Contributing technically to broader security programs by shaping standards, best practices, secure patterns, and technical guidance.
• Supporting security incidents and targeted threat-hunting efforts by providing application security expertise, root-cause analysis, and remediation guidance.
• Designing, improving, and helping operationalize automated security tooling and pipelines (e.g., SAST, DAST, SCA, secrets detection).
• Mentoring engineers and security partners across teams, acting as a force multiplier to improving secure design and decision-making at scale.
• Communicating risks, recommendations, and standards clearly to senior engineers and security leadership to influence technical direction.

• At least 6 years of experience in engineering, with at least 3 years in an application security or product security role.
• Experience Customer Identity Access Management (CIAM)
• Demonstrated impact improving application security outcomes across multiple teams, systems, or business domains.
• Deep experience securing web applications, APIs, distributed systems, WAFs, and customer identity platforms.
• Strong understanding of authentication and identity protocols (OAuth2, OIDC, SAML, JWT, MFA).
• Proven ability to review system designs, data flows, and identify architectural security risks.
• Solid understanding of cloud-native application architectures and CI/CD pipelines from an application risk perspective.
• Experience designing or maintaining automated security tooling and pipelines (SAST, DAST, SCA, secrets detection).
• Proficiency in one or more modern programming languages.

• Experience threat modeling or assessing AI-powered features and LLM integrations.
• Application-focused penetration testing or adversarial security testing experience.
• Familiarity with Kubernetes, container security, and infrastructure-as-code as they relate to application security.
• Experience operating in regulated environments.