Senior Security Engineer, Application Security

This is a fully remote position, open to applicants in India.

📋 Description

• Develop, prompt-engineer, and implement automated security review workflows, utilizing tools such as Claude or other LLM APIs to conduct real-time code assessments and architectural evaluations within our CI/CD framework.

• Lead secure design evaluations and advanced threat modeling for our intricate payment systems and AI-integrated applications.

• Serve as a technical liaison between the Security and Engineering teams.

• Collaborate regularly with various engineering teams to identify and resolve security vulnerabilities.

• Supervise in-depth technical assessments, going beyond basic scans to conduct source code audits and live application testing on high-risk features.

• Contribute to and take responsibility for the automated security controls we are developing, actively participating in all facets of the secure software development lifecycle (S-SDLC).

• Offer hands-on remediation advice and mentor junior security or software engineers, as well as members of Product teams, on both traditional exploits and emerging AI-specific vulnerabilities.

⛳️ Requirements

• Over 5 years of experience in Application Security.

• Demonstrated experience in conducting web application penetration tests and vulnerability research.

• Proficient in source code auditing, product evaluations, and collaboration with product teams.

• Experience in developing security tools.

• A strong desire to automate manual, repetitive tasks with intelligent scripts and AI workflows.

• Proven ability to utilize tools like Claude for security-focused tasks such as code summarization, vulnerability identification, and automated fix creation.

• Experience in creating custom tools or wrappers that use LLMs to analyze pull requests and deliver context-aware security feedback.

• Extensive practical knowledge of defenses against Prompt Injection, Insecure Output Handling, and Model Inversion.

• Proficient in Python, Ruby on Rails, Java, and modern web development technologies (JavaScript, Node.js, etc.).

• Solid understanding of AWS or similar cloud environments, containerization (Docker), and the construction/maintenance of GitLab CI pipelines.

• Advanced experience with SAST, DAST, and SCA tools.

• Comprehensive understanding of applied cryptography, OAuth2, SAML, and SSO implementations.

• Ability to translate complex AI-generated findings into actionable business risks for stakeholders.

• A collaborative mindset that views developers and product teams as partners, emphasizing enablement over friction.

• Practical experience aligning technical controls with standards like SOC 1, SOC 2, PCI-DSS, and emerging AI-governance frameworks.

🏝️ Benefits

• Competitive compensation.

• Employee Stock Purchase Plan (ESPP).

• Flying Start - Our immersive Global Induction Program (Meet our Execs & Global Teams).

• Collaborate with brilliant individuals who will challenge you; learn more about their journeys by exploring #InsideFlywire on social media.

• Dynamic & Global Team (we have been collaborating virtually for years!).

• Wellbeing Programs (Mental Health, Wellness, Yoga/Pilates/HIIT Classes) with Global FlyMates.

• Play a meaningful role in our success - every FlyMate makes an impact.

• Competitive time off including FlyBetter Days to volunteer for causes you care about and Digital Disconnect Days!

• Exceptional Talent & Development Programs (Managers Taking Flight – for new or aspiring managers!).