Full-Time

Application Security Engineer

Confirmed live in the last 24 hours

ONE Finance

501-1,000 employees

Personal finance management and fintech platform

Fintech

Senior

Remote in USA

Required Skills

Kubernetes

TypeScript

AWS

Android Development

Requirements

4+ years of experience in security engineering, DevSecOps, and application development
Excellent knowledge of the CVSS, MITRE ATT&CK, and OWASP Top 10
Proficiency in TypeScript
Practical understanding of AWS and its core services (VPC, EC2, RDS)
Experience with Library/API/Framework development
Experience with integrating security scanning tools with CI/CD, Web Application pentesting, fuzzing and DAST
Expertise in verifying and measuring common security vulnerabilities, and demonstrated ability to communicate these concepts to technical and non-technical partners
Exposure to technologies like AWS, iOS, Android, Vault, Kubernetes, PKI, React, GraphQL, and Datadog
Knowledge of cryptography including algorithms, standards, and practical applications such as x.509 certificates
Experience defining security architecture patterns and standards
Proficiency in modern security evaluation tooling (Burp, Wireshark, Kali et al.)
Understanding of regulatory compliance concerns (GLBA, CCPA, PCI)

Responsibilities

Ensuring the quality and security of applications through the Secure Development Lifecycle process
Performing SAST/DAST and penetration testing on core application services
Developing and maintaining in-house application security and penetration testing automated testing framework
Developing safe libraries and hardening existing libraries and frameworks
Enforcing SDLC practices via Infrastructure-As-Code policies
Validating security posture of new features prior to deployment
Triaging and validating security vulnerabilities
Training on secure coding practices
Contributing to application threat models
Maintaining awareness of vulnerabilities in application technologies
Maintaining security architecture to mitigate risk and meet regulatory requirements
Providing expertise on code-level security concerns during product development

About One

One’s mission is simple - to help customers achieve financial progress. We’re doing this by creating simple solutions to help our customers save, spend, borrow, and grow their money – all in one place.

The U.S. consumer today deserves better. Millions of Americans today can’t access credit, build savings or wealth, and are left to manage their financial lives through multiple disconnected apps. Almost a quarter of U.S. adults are unbanked or underbanked and roughly 80% of fintech users rely on multiple accounts to manage their finances.

What makes us unique? We are backed by a preeminent fintech investor (Ribbit) and the world’s largest retailer (Walmart), maintain the speed and independence of a startup, and employ a strong (and growing) collection of world-class talent.

There’s never been a better moment to build a business that helps people achieve financial progress. Come build with us!

The role

As an Application Security Engineer, you’ll be responsible for ensuring that One delivers secure and reliable applications at scale. By partnering with engineers to build security into the product from the ground up, creating engineering tools and workflows that test and validate artifacts, and actively developing security frameworks, you’ll be the champion of modern Application Security Engineering at One and have a direct impact on the security of all of our products. You’ll provide subject-matter expertise to product teams regarding security best practices, optimize our secure coding practices, and use offensive security techniques to harden our environment and help improve our overall security practices.

This role is responsible for:

Ensuring the quality and security of our applications and products by guiding their development through the Secure Development Lifecycle (SDLC) process.
Performing SAST/DAST and penetration testing on core application services, web applications, and mobile applications.
Developing, maintaining, and extending our in-house application security and penetration testing automated testing framework.
Developing safe libraries and hardening existing libraries and frameworks to eliminate classes of vulnerabilities.
Ensuring SDLC practices are enforced via Infrastructure-As-Code (IaC) policies, wherever possible
Working closely with Engineering teams to validate the security posture of new features prior to production deployment
Triaging and validating security vulnerabilities found or reported, and serving as a subject-matter expert in AppSec to the Engineering team in identifying and implementing mitigation solutions
Refactoring and deploying secure libraries and frameworks across the code repository
Training engineers, architects, code reviewers, and others on secure coding practices
Contributing to application threat models
Constantly maintaining awareness of known vulnerabilities in application technologies used within One
Working with the Security and other engineering teams to maintain a security architecture that provides security controls throughout all platforms to mitigate risk, and to meet goals and regulatory requirements.
Providing expertise around code-level security concerns during product development

You bring

4+ years of experience in security engineering, DevSecOps, and application development.
Excellent knowledge of the CVSS, MITRE ATT&CK, and OWASP Top 10.
Proficiency in TypeScript.
Practical understanding of AWS and its core services (VPC, EC2, RDS).
Demonstrated experience in modern application architecture and deployment practices.
Experience with Library/API/Framework development.
Experience with integrating security scanning tools with CI/CD, Web Application pentesting, fuzzing and DAST.
Expertise in verifying and measuring common security vulnerabilities, and demonstrated ability to communicate these concepts to technical and non-technical partners.
Exposure to most of the following technologies: AWS, iOS, Android, Vault, Kubernetes, PKI, React, GraphQL, and Datadog.
Knowledge of cryptography including algorithms, standards, and their practical applications such as x.509 certificates.
Experience defining security architecture patterns and standards.
Proficiency in modern security evaluation tooling (Burp, Wireshark, Kali et al.)
Preferably, understanding of regulatory compliance concerns (GLBA, CCPA, PCI).
The Triple H Factor: Humble, Hungry and Honest.

Pay Transparency

The estimated annual base salary for this position ranges from $175,000 to $205,000. Pay is generally based upon the level, complexity, responsibility, and job duties / requirements of the specific position. We then source candidates with the requisite skills, expertise, education, training, and experience. If you are selected for an interview, please feel welcome to speak to a Talent Partner about our compensation philosophy and other available benefits.

What it’s like working @ One

Competitive cash
Benefits effective on day one
Early access to a high potential, high growth fintech
Generous stock option packages in an early-stage startup
Remote friendly (anywhere in the US) and office friendly - you pick the schedule
Flexible time off programs - vacation, sick, paid parental leave, and paid caregiver leave
401(k) plan with match

Leveling Philosophy

In order to thoughtfully scale the company and avoid downstream inequities, we’ve adopted a flat titling structure at One. Though we may occasionally post a role externally with a prefix such as “Senior” to reflect the external level of the position, we do not use prefixes in titles like that internally unless in a position which manages a team. Internal titles typically include your specific functional responsibility, such as engineering, product management or sales, and often include additional descriptors to ensure clarity of role and placement within our organization (i.e. “Engineer, Platform”, “Sales, Business Development” or “Manager, Talent”). Employees are paid commensurate with their experience and the internal level within One.

Inclusion & Belonging

To build technology and products that are used and loved by people and solve real-world problems, we need to build a team with many different perspectives and experiences. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We encourage candidates from all backgrounds to apply. Applicants in need of special assistance or accommodation during the interview process or in accessing our website may contact us at [email protected].

ONE Finance

View

Website

View Company Profile

This firm excels in personal finance management through a comprehensive platform that combines fintech solutions with banking and consumer products. Supported by notable investors like Walmart and Ribbit Capital, it leverages cutting-edge technology to simplify financial management for its users. The collaboration with major industry players not only fortifies its market position but also enriches its work culture with diverse expertise and innovation-focused practices, making it a prime workplace for professionals keen on shaping the future of finance.

Company Stage

M&A

Total Funding

$66.7M

Headquarters

New York, New York

Founded

2022

Growth & Insights

Headcount

6 month growth

↑ 33%

1 year growth

↑ 101%

2 year growth

↑ 155%