Application Security Engineer
DolarApp
Who we are
Our vision is simple: a global financial system, without hidden fees or unfair FX rates. With control in the hands of the users instead of the hands of banks. With fund management capabilities to grow your savings for decades and build generational wealth.
What we're looking for
We are looking for an experienced and proactive Application Security Engineer to join our Security team. You’ll be responsible for strengthening the security posture of our applications and development processes by building scalable security solutions, embedding best practices, and partnering closely with engineers and product teams. This role blends technical depth in application security with a strong emphasis on automation, threat modeling, and secure design. You’ll have the opportunity to define AppSec practices, influence engineering culture, and make a meaningful impact in a fast-growing company. If you’re excited to solve complex challenges and protect users at scale, we’d love to hear from you!
What you'll be doing
- Security Pipeline: Design, implement, and maintain security automation within CI/CD, including SAST, SCA, secret scanning, API Security.
- Bug Bounty Program: Manage and improve the bug bounty program, coordinate with researchers and engineering teams to validate and remediate findings.
- Code Review & Pentesting: Conduct secure code reviews and penetration testing to identify vulnerabilities and guide developers on remediation.
- Product Security: Partner with engineering and product teams to define security architecture, perform threat modeling, and ensure secure design across applications.
- Cloud Security: Enhance visibility and governance of cloud environments by leveraging CSPM tools (Wiz, Orca) and ensuring compliance with best practice
- Phishing Awareness: Lead initiatives to raise security awareness, including phishing simulation campaigns and training programs for employees.
What you'll need
Experience
- 5+ years of experience in application security.
- Hands-on experience with application security testing tools (SAST, API Security, SCA).
- In-depth knowledge of common vulnerabilities (OWASP Top 10, CWE, CVEs) and remediation techniques.
- Experience embedding security practices into CI/CD pipelines.
- Strong communication and collaboration skills, with the ability to influence cross-functional teams.
- Proven ability to lead security projects independently.
Technical Skills
- Experience with cloud-native application security (AWS, GCP, or Azure).
- Familiarity with container security (Docker, Kubernetes).
- Experience with Infrastructure as Code (IaC) security (Terraform, CloudFormation).
- Contributions to open-source security projects or active participation in the AppSec community.
- Relevant certifications (e.g., OSWE, OSCP, CISSP).
Benefits
- Competitive salary.
- Sign-on stock options bonus, so you become part of the success of the company.
- Discretionary performance bonus (stock options).
- Paid annual leave.
- Latest technology to work with.
- Strong team that will help you improve your skills.