Security Engineer, Application Security at Flywire1

Job Title: Security Engineer, Application Security Salary Range: $109,221 - $114,221/year Job Location: 141 Tremont St, 10th Floor, Boston, MA 02111; Telecommuting permissible from any location within US Job Description: Responsible for ensuring the security of applications and software systems developed and used within the organization. This role involves conducting application security reviews, performing secure code analysis, integrating security testing into CI/CD pipelines, and guiding developers on secure coding practices. Design and implement security protocols for Healthcare, EDU, and B2B applications, conducting regular threat modeling and vulnerability assessments to identify and mitigate risks, and developing and deploying cryptographic solutions to protect sensitive data. Analyze and interpret student-related data from Indian and Chinese markets to inform strategies for mitigating payer fraud and enhancing security for international student transactions. Telecommuting permissible from any location within US. Requirements: Master’s degree or foreign equivalent in Computer Science with a specialization in Information Security, or a related field, and one (1) of experience in computer science, information security, application security or a closely related role.  Experience and/or education must include: • Vulnerability & Risk Management: Perform comprehensive vulnerability management and risk assessments using industry tools such as Tenable and Qualys. Deliver actionable reports with remediation guidance and continuously monitor and triage alerts with SIEM platforms including Splunk, Sumo Logic, ELK, and Wazuh. • Application Security Testing: Conduct hands-on application security testing using a variety of SAST, SCA, and DAST tools, including Veracode, BurpSuite, Snyk, Semgrep, OWASP ZAP, Arachni, SonarQube, and OWASP Dependency-Check. • Secure Software Development: Develop and review secure applications in programming languages such as Ruby on Rails, Java, Python, and Go, focusing on modern UI web interfaces (e.g., JavaScript, ReactJS, AngularJS, Node.js). Ensure adherence to secure coding standards (OWASP Top 10) and protect against threats like XSS and SQL injection. • Threat Modeling & Security Architecture: Conduct peer code reviews, perform in-depth threat modeling using methodologies like STRIDE, and execute security architecture assessments to proactively identify and mitigate risks throughout the software development lifecycle. • DevSecOps & CI/CD Integration: Embed security into CI/CD pipelines, specifically within GitLab, by writing custom jobs and rules. Integrate and automate security tools like Trivy • Sensitivity: Confidential and Semgrep to ensure continuous security checks and early vulnerability detection within a DevSecOps framework. • Data Security & Cryptography: Securely handle sensitive data using credential management tools like HashiCorp Vault. Design and implement strong cryptographic techniques, including AES, RSA, ECC, and various hashing algorithms. • Cloud Security & Compliance: Review and enforce cloud security best practices for AWS and GCP environments. Conduct internal and external security audits aligned with compliance frameworks such as SOC II Type 2, ISO 27002, NIST, and PCI, and prepareassociated reports and policy updates. • Authentication & Authorization: Design and implement robust authentication and authorization systems utilizing protocols such as OAuth 2.0, SAML, JWT, and access control models like RBAC/ABAC. • Security Automation: Develop custom security software using Python, Bash, and Ruby to automate security processes, from vulnerability scanning to incident response. • Client & Third-Party Support: Support client and third-party security audits by preparing responses to security assessments and risk questionnaires, including those from platforms like OneTrust. CONTACT: Reference job #9786162 and send resume to [Upgrade to PRO to see contact]