Sr. Application Security Engineer

Location: Remote

Type: Full Time

Job Description

Posted 11 Hours Ago
Hiring Remotely in United States
Remote
125K-140K Annually
Senior level
Fintech • Machine Learning • Payments • Social Impact • Software • Financial Services
TrueML is a fintech company building software to create positive experiences for consumers seeking financial health.
The Role
Lead application security across the SDLC: integrate security into development and DevOps, manage vulnerabilities, implement AWS and cloud controls, perform threat modeling and incident response, enforce compliance (OWASP, NIST, ISO), and provide security training and continuous improvement.
Summary Generated by Built In
Why TrueML?

TrueML is a mission-driven financial software company that aims to create better customer experiences for distressed borrowers. Consumers today want personal, digital-first experiences that align with their lifestyles, especially when it comes to managing finances. TrueML’s approach uses machine learning to engage each customer digitally and adjust strategies in real time in response to their interactions.

The TrueML team includes inspired data scientists, financial services industry experts, and customer experience fanatics building technology to serve people in a way that recognizes their unique needs and preferences as human beings, and endeavoring toward ensuring nobody gets locked out of the financial system.

The Opportunity

We are seeking a talented and motivated Senior Application Security Engineer with a strong background in AWS and DevOps practices. In this role, you will be responsible for ensuring the security of our applications throughout the development lifecycle. You will work closely with engineering teams to identify and mitigate security vulnerabilities, implement security best practices, and contribute to the organization's overall security strategy. The ideal candidate will have excellent communication skills and the ability to collaborate effectively with cross-functional teams.

What You'll Do:

  • Security Integration: Work with development and DevOps teams to integrate security into the software development lifecycle (SDLC).

  • Vulnerability Management: Identify, assess, and mitigate security vulnerabilities in applications, infrastructure, and cloud environments.

  • AWS Security: Implement and maintain security controls in AWS, including IAM policies, security groups, VPC configurations, and monitoring.

  • DevOps Security: Collaborate with DevOps teams to incorporate security best practices in CI/CD pipelines, including automated testing, secure code reviews, and infrastructure as code (IaC) security.

  • Threat Modeling: Conduct threat modeling and risk assessments to identify potential security threats and develop mitigation strategies.

  • Incident Response: Assist in developing and executing incident response plans, including identifying and responding to security incidents.

  • Compliance & Best Practices: Ensure that all systems and applications comply with relevant security standards, regulations, and best practices (e.g. OWASP, NIST, ISO 27001).

  • Security Training: Provide security training and guidance to engineering teams to promote secure coding and infrastructure management practices.

  • Continuous Improvement: Continuously monitor, evaluate, and improve security practices, tools, and processes.

Who You Are:

  • Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent experience.

  • 8+ years of experience in application security or a related role.

  • Strong experience with AWS security services and best practices.

  • Experience with DevOps tools and practices, including CI/CD pipelines, containerization, and IaC.

  • Proficiency in at least one programming language (e.g. Python, Go).

  • Strong understanding of web application security (e.g. OWASP Top Ten) and secure coding practices.

  • Familiarity with security tools and technologies such as SAST, DAST, SIEM, and WAFs.

  • Ability to work well in a team environment and collaborate effectively with engineers, developers, and other stakeholders.

  • AWS Certified Security – Specialty or similar certification.

  • Experience with container security (e.g. Docker, Kubernetes).

  • Familiarity with modern authentication and authorization protocols (e.g. OAuth, SAML, JWT). Knowledge of secure coding frameworks and libraries.

What We Offer (Perks & Benefits)

  • Flexible vacation

  • Medical/dental/vision insurance

  • Traditional/Roth retirement savings options

  • Company-paid disability and life insurance

  • Flexible Spending Account & Limited FSA

  • Family-friendly parental leave, volunteer, and voting time off

  • On-demand wellness platform access for you and 5 friends and family

  • PerkSpot discount program for 900+ merchants nationwide

Remote Work, Travel Expectations & Physical Requirements:

This role supports a global, cross-functional business and operates primarily in a Remote-First environment. However, flexibility outside of standard business hours and occasional local or international travel may be necessary for global operations support, company meetings, training, offsites, and collaborative projects.

This position primarily involves computer-based work, requiring extended periods at a computer, participation in virtual meetings, and use of standard office technology. We will consider reasonable accommodations to enable individuals to perform the essential functions of the role.

Maintaining a reliable internet connection and a professional work environment is expected. The ability to protect confidential company, employee, customer, and business information while working outside of a company office is also required.

Personally Identifying Information

We collect personal information for employment purposes. We do not sell personal information. Most of the information we have is provided to us by you and/or collected as part of the employment process. For more details on how we use, share, and delete personal information, see our Privacy Policy.

 

Dedication to Diversity & Inclusion

We are an equal opportunity employer. We promote, value, and thrive with a diverse and inclusive team. Different perspectives contribute to better solutions, and this makes us stronger every day. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability status, or other protected characteristics.

Skills Required

  • Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience)
  • 8+ years of experience in application security or related role
  • Strong experience with AWS security services and best practices (IAM, security groups, VPC)
  • Experience with DevOps tools and practices, including CI/CD pipelines, containerization, and Infrastructure as Code (IaC)
  • Proficiency in at least one programming language (e.g. Python, Go)
  • Strong understanding of web application security (OWASP Top Ten) and secure coding practices
  • Familiarity with security tools and technologies such as SAST, DAST, SIEM, and WAFs
  • AWS Certified Security - Specialty or similar certification
  • Experience with container security (e.g. Docker, Kubernetes)
  • Familiarity with modern authentication and authorization protocols (OAuth, SAML, JWT)
  • Experience conducting threat modeling and risk assessments
  • Experience in incident response and executing incident response plans
  • Knowledge of compliance frameworks and standards (NIST, ISO 27001)

TrueML Compensation & Benefits Highlights

  • Healthcare Strength: Medical, dental, and vision coverage are offered with multiple plan options, including HSA‑eligible choices, alongside FSAs and employer‑paid life, AD&D, and short/long‑term disability. Wellbeing resources such as a 24/7 EAP and a wellness coaching app further bolster the health package.
  • Leave & Time Off Breadth: Paid time off is described as generous or unlimited, with paid holidays and volunteer days, and a remote‑friendly setup supports flexibility in taking time away. Paid parental leave for birth or adoption is also included.
  • Wellbeing & Lifestyle Benefits: Perks include a home‑office stipend, retailer discounts via PerkSpot, travel assistance, and recognition rewards, complementing core benefits. These additions support day‑to‑day convenience and remote productivity.

The Company
450 Employees
Year Founded: 2013

What We Do

TrueML makes financial technology that prioritizes customer experience and revolutionizes the experience of consumers seeking financial health. We’re a team of inspired data scientists, financial services industry experts, and customer experience fanatics creating experiences that serve people in a way that recognizes their unique needs and preferences as human beings, and endeavoring to ensure nobody gets locked out of the financial system. After more than 10 years in business, TrueML is excited to be expanding its footprint internationally. We are a growing, geographically diverse team with employees in 30 U.S. states and 7 different countries, with our key talent hub in LATAM. If you’re looking for an opportunity to do impactful work, join TrueML and make a difference alongside hundreds of other inspired individuals.

Why Work With Us

Our functional teams are a diverse mix of employees from different backgrounds and geographies, with each individual bringing unique perspectives and experiences that encourage increased innovation in our products and services. Join TrueML and make a difference alongside hundreds of other inspired individuals doing impactful work.

TrueML Offices

Remote Workspace

Employees work remotely.

TrueML is excited to be a remote-first company with team members across the US, Canada, and several countries in LATAM (Mexico, Argentina, Dominican Republic, and Costa Rica). Our teams frequently digitally collaborate & socialize across borders.

Typical time on-site:
US
Argentina (Remote Hub)
Mexico (Remote Hub)
Dominican Republic (Remote Hub)
San Francisco, CA
Costa Rica (Remote Hub)


Date Posted

06/05/2026
