Sr. Application Security Engineer - Consumer Fintech Company

About This Role

Responsibilities

• Serve as a senior subject matter expert in application security, providing authoritative guidance on secure design, authentication, identity flows, API security, and cloud-native application risks.
• Act as a trusted security advisor during architecture reviews, design discussions, and risk assessments across multiple teams and services.
• Identify, assess, and clearly communicate application-centric security risks across application code, CI/CD pipelines, identity systems, and cloud environments.
• Independently own and drive resolution of complex and ambiguous application security challenges with broad organizational impact.
• Apply threat modeling, attack-path analysis, and adversarial thinking to inform defensive improvements and strengthen application resilience.
• Contribute technically to broader security programs by shaping standards, best practices, secure patterns, and technical guidance.
• Support security incidents and targeted threat-hunting efforts by providing application security expertise, root-cause analysis, and remediation guidance.
• Design, improve, and help operationalize automated security tooling and pipelines (e.g., SAST, DAST, SCA, secrets detection).
• Mentor engineers and security partners across teams, acting as a force multiplier to improve secure design and decision-making at scale.
• Communicate risks, recommendations, and standards clearly to senior engineers and security leadership to influence technical direction.

Requirements

• 6+ years of experience in application security or product security roles
• Strong understanding of Customer Identity Access Management (CIAM), authentication and identity protocols (OAuth2, OIDC, SAML, JWT, MFA)
• Demonstrated impact improving application security outcomes across multiple teams, systems, or business domains
• Deep experience securing web applications, APIs, distributed systems, WAFs, and customer identity platforms
• Proven ability to review system designs, data flows, and identify architectural security risks
• Solid understanding of cloud-native application architectures and CI/CD pipelines from an application risk perspective
• Experience designing or maintaining automated security tooling and pipelines (SAST, DAST, SCA, secrets detection)
• Proficiency in one or more modern programming languages
• Experience threat modeling or assessing AI-powered features and LLM integrations
• Application-focused penetration testing or adversarial security testing experience
• Familiarity with Kubernetes, container security, and infrastructure-as-code as they relate to application security
• Experience operating in regulated environments
• Relevant security certifications (e.g., OSWE, GWAPT, CSSLP)

Benefits & Perks

About Skyrocket Ventures

Skyrocket Ventures is a recruiting firm based in Westlake Village, California, founded in 2010. The company specializes in connecting top engineering and technical talent with high-growth technology companies, including industry leaders and startups. With a team of about 25 employees, Skyrocket Ventures operates globally and focuses on technical recruiting, often helping clients hire more engineers than other firms. The firm offers a range of specialized recruiting services. They work closely with clients to understand their hiring needs and match them with highly qualified candidates. Skyrocket Ventures supports the entire hiring process, including interviews and negotiations. They recruit for various technical roles, such as software engineering, machine learning, and cybersecurity, and cater to sectors like crypto and remote engineering. The company is dedicated to helping both employers achieve their goals and candidates find roles that align with their career aspirations.