Security Engineer

• 4–8+ years of experience in security engineering, application security, offensive security, or secure software development; strong track record of securing modern applications. • Hands-on experience with security tools such as Semgrep, Burp Suite, Snyk, Trivy, or similar for static, dynamic, and dependency security analysis. • security tools • Solid understanding of web, API, and mobile security vulnerabilities (e.g., OWASP Top 10, API Top 10). • web, API, and mobile security vulnerabilities • Experience driving or participating in threat modeling and secure design reviews. • threat modeling and secure design reviews • Familiarity with cloud concepts and securing cloud workloads. • cloud concepts • Collaborative mindset — you enjoy working closely with engineers to co-create practical security solutions. • Practical understanding of SDLC and integrating security into development workflows. • Ability to independently identify, prioritize, and drive remediation on critical findings. • identify, prioritize, and drive remediation • Experience balancing security risk with business and technical constraints. • security risk with business and technical constraints • Bonus Attributes (Nice-to-Haves) • Experience or exposure to runtime application protection (RASP) or advanced monitoring (e.g., eBPF-based tooling). • runtime application protection (RASP) • Experience with cloud security automation frameworks such as Security Hub remediations or DLP improvements. • cloud security automation frameworks • Security certifications like CISSP, CSSLP, OSCP, GWAPT, or similar. • CISSP, CSSLP, OSCP, GWAPT, or similar • Familiarity with compliance frameworks like SOC 2, ISO 27001, OWASP SAMM and aligning controls. • SOC 2, ISO 27001, OWASP SAMM • Prior experience in fintech, payments, or highly regulated environments. • Exposure to API security tooling and design best practices. • API security tooling and design best practices • Things that enable a fulfilling, healthy and happy experience at Rain: • Unlimited time off 🌴Unlimited vacation can be daunting, so we require Rainmakers to take 10 days minimum for themselves. • Unlimited time off • Flexible working ☕ We support a flexible workplace, if you feel comfortable at home please work from home. If you’d like to work with others in an office feel free to come in. We want everyone to be able to work in the environment in which they are their most confident and productive selves. New Rainmakers will have a stipend to create a comfortable atmosphere at home. • Flexible working • Easy to access benefits 🧠For US Rainmakers, we offer comprehensive health, dental and vision plans for you and your dependents, as well as a 100% company subsidized life insurance plan.