Senior Application Security Engineer

Exciting opportunity for a Senior AppSec Specialist for a Hybrid role in downtown Chicago. This role is with a company that has made it their mission to help everyday Americans escape the endless cycle of crippling debt and step into a brighter financial future. They are searching for an Individual to join their Security team and help them get to the next level.

As their Senior Application Security Engineer, you will be the primary owner and driver of the application security program. You'll work hands-on with engineering teams to embed secure development practices, improve tooling and automation, and guide security considerations for new features, architectures, and services. This is a high-impact role where you'll shape the future of AppSec at a company that values security as a core part of product quality.


Required Skills & Experience

• 3–7+ years of experience in Application Security, Product Security, or related software engineering roles
• Strong understanding of secure coding practices, common vulnerabilities (OWASP Top 10), and modern SDLC
• Experience working with cloud-native applications, ideally in AWS
• Understanding of SSL certificates & cryptographic key management
• Hands-on experience with SAST, DAST, WAFs, and/or mobile application security tools
• Ability to partner effectively with developers and influence secure design decisions
• Familiarity with GitHub-based workflows and CI/CD pipelines

Desired Skills & Experience

• Software development background (Ruby on Rails experience strongly preferred)
• Experience with mobile app security (React Native)
• Terraform or Infrastructure as Code (IaC) experience
• Experience with enterprise security tooling (GitHub Advanced Security, Invicti, Hadrian, AppDome, Cloudflare WAF)
• Experience configuring and managing security tools, not just consuming their output
• Strong communication skills with ability to train and educate development teams

What You Will Be Doing
Tech Environment

• Ruby on Rails web applications
• React Native mobile applications
• AWS cloud infrastructure (ECS, IAM, networking)
• GitHub-based CI/CD pipelines
• Security tooling: GitHub Advanced Security, Invicti (DAST), Hadrian (ASM), AppDome, Cloudflare WAF

Daily Responsibilities

• 70% Hands-On Technical Work (tooling configuration, security reviews, automation, vulnerability triage)
• 30% Collaboration & Training (partnering with development teams, security guidance, developer enablement)

Key Responsibilities

• Own and evolve the application security program, working as a single contributor reporting to the IT Director
• Configure, manage, and optimize security tools—not just consume their findings but truly own the tooling
• Partner directly with product development teams (5-person security team, but you'll build relationships across engineering)
• Help developers understand and remediate security findings through collaboration, not just ticketing
• Integrate security into CI/CD pipelines and development workflows
• Provide security training and guidance to development teams on secure coding practices
• Collaborate with DevOps on AWS infrastructure security and hardening efforts

The Offer

• Hybrid schedule: 2 days per week in office (Monday & Wednesday)
• Location: Chicago, IL
• High-impact role at a successful, rapidly growing company
• Leadership that enthusiastically supports security with deep pockets for best-in-class tooling
• High exposure to building a world-class security program from the ground up

You will receive the following benefits:

• Medical, Dental, and Vision Insurance
• Vacation Time
• Stock Options

Applicants must be currently authorized to work in the US on a full-time basis now and in the future.