Application Security Engineer at Flosports

FloSports leads the way in delivering world-class digital streaming for millions of fans, families, and athletes in underserved sports. Our digital platform unites casual and dedicated spectators alike, offering thrilling live events from around the world with interactive features, real-time analytics, and powerful broadcast technology. As the essential destination for niche sports content, we deliver everything from breaking news and expert commentary to feature films, documentaries, and multi-episodic series. We've revolutionized the global sports media industry by building a diverse team—technologists and wrestlers, creators and cheerleading experts, designers and hockey enthusiasts, communicators and motorsport fanatics, producers and sports fans—all united by our passion to serve underrepresented sports communities. We're creating the ultimate destination for our sports, and we're looking for people like you to join us! THE ROLE: At FloSports, we believe security should accelerate engineering, not slow it down. We're building an Application Security function that partners closely with our developers to ship secure code faster. This isn't about blocking deployments or creating friction—it's about enabling engineers to build with confidence. As an Application Security Engineer, you'll be the bridge between our Security, SRE, and Engineering teams. You'll work hands-on with developers to identify vulnerabilities, integrate security tooling into our CI/CD pipelines, and help engineers understand and fix security issues before they reach production. You'll have a real impact on how we secure our platform for millions of streaming viewers. This role is ideal for someone early in their AppSec career who has strong technical fundamentals, genuine curiosity about security, and the communication skills to partner effectively with developers. If you've been a developer who got interested in security, or a security practitioner who loves to code, you'll fit right in. RESPONSIBILITIES: Partner with Engineering on Security - Work directly with development teams to triage, explain, and remediate security findings - Conduct lightweight security reviews of code changes, architecture decisions, and new features - Be a trusted resource that engineers actually want to consult—not a blocker they work around Integrate Security into CI/CD - Manage and optimize our security tooling: AWS Security Hub, GitHub security features, and Aikido - Build and maintain automated security checks in our deployment pipelines - Reduce noise by tuning tools to surface real risks, not false positives Drive Vulnerability Management - Own the vulnerability lifecycle from discovery through remediation - Prioritize findings based on actual risk to the business, not just CVSS scores - Track metrics and report on security posture to leadership Build Security Knowledge Across Engineering - Create practical secure coding guidelines that developers will actually use - Run lightweight training sessions and lunch-and-learns on common vulnerability patterns - Document security patterns and anti-patterns specific to our stack Grow Our AppSec Practice - Help establish application security processes as we scale - Contribute to security architecture decisions for new products and features - Stay current on emerging threats and bring relevant insights to the team KNOWLEDGE, SKILLS AND ABILITIES: Technical Foundation - 2+ years of experience in software engineering, DevOps, or security - Solid understanding of web application security fundamentals (OWASP Top 10, common vulnerability classes) - Hands-on experience with at least one programming language (Python, JavaScript/Node.js, Go, or similar) - Familiarity with CI/CD pipelines and modern development workflows (GitHub Actions, Helm, etc.) Security Knowledge - Understanding of secure coding practices and common vulnerability patterns - Experience with or strong interest in security tools (SAST, DAST, SCA, or cloud security) - Familiarity with AWS security services (Security Hub, IAM, GuardDuty) is a plus - Knowledge of container security and Kubernetes is a plus Mindset & Communication - Genuine curiosity about security—you enjoy understanding how things break - Strong communication skills—you can explain security concepts to developers without being condescending - Collaborative approach—you see yourself as a partner to engineering, not a gatekeeper - Growth mindset—you're eager to learn and develop your AppSec expertise OUR COMMITMENT TO DIVERSITY: FloSports exists to elevate the communities, athletes, and sports that have too often been overlooked. That mission starts with our own team. We believe that a diverse, inclusive workplace—one where different perspectives are sought out, heard, and valued—is essential to building a company that can truly serve the full spectrum of sports fans. We are committed to creating a fair and equitable environment where people from all backgrounds can thrive. To help mitigate bias and expand opportunity, FloSports uses a blind recruiting process that supports more objective, inclusive hiring decisions. We’re intentional in our practices because we believe the best ideas and innovations come from teams that reflect the diversity of the world around us. OUR BENEFITS: - Recognized three years in a row as a Top Workplace by the Austin-American Statesman - Flexibility at work - you can take control of your profession and personal schedule - All-hands events hosted annually in beautiful Austin, Texas - Annual equity awards for all top performers - Competitive and comprehensive medical, dental and vision plans - Peace of mind through company-paid short-term disability, long-term disability and life insurance - Generous 401(K) company match vested immediately - Progressive parental leave policies - Flexible paid time off - Hack-a-thons and a full calendar of team-building and social events - Company donation to youth teams and leagues that our employees coach - Stocked snack bar, catered lunch and breakfast tacos every week