Application Security Engineer

Job not on LinkedIn

🔥 1 minute ago

Apply Now
Find Similar Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Logo of R2 Companies

R2 Companies

11 - 50 employees

🏠 Real Estate

Real Estate

R2 Companies is a real estate investment and development firm with a focus on identifying and capitalizing on opportunities across various markets. The company operates multiple headquarters in Chicago, Minneapolis, and Milwaukee, emphasizing their strategic reach and presence in the Midwest of the United States. They engage with the community through various leasing and management services and maintain active communication channels via social media and newsletters.

📋 Description

• Conduct secure code reviews for Go-based microservices and identify vulnerabilities early in the development cycle • Perform security testing of APIs, web applications, and backend services before they reach production • Establish and evolve secure coding standards, guardrails, and reusable patterns for engineering teams • Lead threat modeling sessions with engineering and product teams at the design phase of new features and services • Define and enforce security gates in CI/CD pipelines: SAST, DAST, SCA, and secrets scanning with blocking criteria for high-severity findings • Own the DAST process end-to-end: tool selection, scheduling, escalation workflows, and remediation tracking • Integrate container image scanning and infrastructure-as-code (IaC) security checks into deployment pipelines • Support hardening initiatives across Kubernetes, ingress, and workloads • Contribute to the security observability program by defining and tuning alerting rules for authentication anomalies and suspicious API usage • Drive the adoption of secure development across engineering teams by providing guidance, training, and hands-on support • Build and maintain security documentation, runbooks, and standards • Triage, prioritize, and track remediation of security findings across the platform • Coordinate external penetration tests and work with vendors on scope, debriefs, and remediation plans • Sit with product and business teams to understand risk from a product perspective • Ensure there are no open high-severity findings older than 30 days

🎯 Requirements

• 3–5 years of experience in application security, product security, or a similar role • Hands-on experience with SAST/DAST tools (Snyk, Checkmarx, OWASP ZAP, Burp Suite, or equivalent) • Solid knowledge of OWASP Top 10 for web and APIs and real-world exploitability assessment • Experience reviewing code in Go or similar compiled languages • Familiarity with Kubernetes, containers, and cloud-native architectures • Strong written and verbal communication, able to explain security risks clearly to both engineers and non-technical stakeholders • Self-driven and comfortable working with autonomy in a fast-paced environment • English proficiency — written and spoken (required) • Certifications such as OSCP, OSWE, CEH or eWPT • Experience with Istio or service mesh security • Familiarity with compliance frameworks such as ISO 27001, GDPR, or SOC 2 • Threat modeling experience (STRIDE, PASTA, or similar) • Experience in fintech or regulated environments.

🏖️ Benefits

• The chance to join a high-impact, mission-driven fintech with regional scale • Cross-functional collaboration with exceptional teams across Latin America • Equipment provided by R2 • Training budget for professional development • Career growth within R2

Apply Now