Description
About Wolfe
Recognized among Pittsburgh's 2024 Top Workplaces and Fastest-Growing Companies, Wolfe has been a leader in the Gift Card and FinTech sectors for over 25 years. We partner with national brands such as Pizza Hut, KFC, Pandora Jewelry, Kendra Scott, Wawa, Journeys and others to manage their gift card programs. Our flagship consumer brand, PerfectGift.com, enables customers to create customized gift cards. We are a fast-paced environment, like kayaking down a white-water river, not canoeing on a lake.
About The Role
Wolfe is a Pittsburgh-based FinTech company building the next generation of financial products, and we are actively embedding AI across our product, our internal processes, and the way our teams work day-to-day. As an Application Security Engineer, you'll work hands-on alongside developers and DevOps engineers to build security into how we ship software — reviewing code, improving AI agent behaviors, hardening CI/CD pipelines, and helping teams find and fix vulnerabilities across application code, containers, and cloud infrastructure. This role is built for growth: whether you're a developer moving into security or an early-career security engineer expanding into application security, you'll learn enterprise security tooling — including AI/ML and LLM-powered tools — with support to earn certifications and grow alongside a security team that mentors in person. We're looking for candidates who are enthusiastic about an in-office culture. This is a 5-day onsite role in Pittsburgh, PA.
Responsibilities
- Perform code reviews, SAST/DAST testing, basic penetration tests, and basic threat modeling, and work with developers to remediate vulnerabilities across application code, libraries, containers, and infrastructure as code.
- Integrate and run automated security tooling (such as Snyk, SemGrep, or Cycode) within CI/CD pipelines across code repositories (such as GitHub, GitLab, Jenkins, or AWS DevOps), and help automate findings triage and reporting.
- Manage a vulnerability management program, vulnerability scanning tools and the enterprise Bug Bounty program, tracking and prioritizing remediation against defined SLAs.
- Help operate and improve Bot Management, WAF, secrets management, and API security controls across Wolfe's applications.
- Apply and promote secure coding standards aligned to OWASP and SANS CWE Top 25, and contribute to measuring DevSecOps maturity using a framework such as DSOMM or BSIMM.
- Partner with developers, security operations, product management, and incident response teams, sharing secure-coding and vulnerability-management practices as you grow your own expertise.
Impact Statement For more clarity on the role, below are the success metrics and measurements for this role in the first 90 to 120 days.:
- Update existing Application Security Strategy and make improvements on monitoring and reporting on KPI’s
- Make a significant improvement to least one automated security tool (DAST, SAST, SCA, or container scanning) in the production CI/CD pipeline, with results feeding a documented triage workflow.
- Driving additional Bug Bounty submissions and improve bot management turning & protections prior to end of Q3.
- Provide product and technology advisement and testing for new application and AI functionality
- Develop and plan a purposeful Application and AI development training program
Qualifications
- 2+ years of experience in application security, DevSecOps, or software development with security exposure — including developers looking to move into a dedicated security role — plus a Bachelor's in Information Security, Cybersecurity, Computer Science, or a related field (equivalent experience accepted in lieu of a degree).
- A real coding background and working knowledge of secure coding principles (OWASP Top 10, SANS CWE Top 25).
- Some hands-on exposure to CI/CD pipelines (GitHub, GitLab, Jenkins, or AWS DevOps) and an interest in integrating security tooling into them.
- Strong verbal and written communication skills, with the ability to explain security concepts to both technical and non-technical teammates.
- Eagerness to learn enterprise security tooling (vulnerability scanners, Bot Management, SAST/DAST/SCA) and maturity frameworks like DSOMM or BSIMM — deep prior experience with these is a plus, not a requirement.
- No certifications required; experience with CISSP, OSCP, GCSA, AWS Security Specialty, or CSSLP is a plus, and we'll support you in earning them.
Compensation, Benefits, and Perks
Wolfe is committed to providing a comprehensive benefits package to support your well-being, along with competitive compensation. Our benefits and perks include but not limited to:
- Restricted Stock Units (RSUs)
- Profit Share and/or Incentive Bonus
- Medical, Prescription, Vision, and Dental insurance for employees and dependents (Wolfe pays 80% of premium)
- Short-Term Disability Insurance (Wolfe pays 100% of premium)
- Voluntary Long-Term Disability Insurance, Life Insurance, Critical Illness Insurance, Accident Insurance, and Hospital Indemnity coverage
- PTO (vacation and sick time)
- Corporate Holidays and Floating Holidays
- 401(k)
- Employee recognition program
- Charitable Donation to a charity of your choice yearly
- Employee Referral Bonus
- Tuition Reimbursement
- Internal Training and Information sessions
- Family Picnic, Holiday Party, and other outings
- Internal Culture Club
Wolfe, LLC is a pioneering force in e-commerce since 1996 and the gifting industry, deeply rooted in Pittsburgh, Pennsylvania. Driven by our vision "To move humanity to express love for each other through personalized, faster, beautiful, secure, flexible gift giving," we're on a mission to revolutionize the way gifts are given and received. We achieve this through high-quality, fast service, and the same-day delivery of customized gift cards from our on-demand nations only robotic fulfillment center, alongside offering a safe and flexible card-to-card gifting technology.
At the heart of our success are our Core Values: Teamwork, Drive, Integrity, Caring, and Excellence. These principles guide us as we innovate and expand our portfolio with platforms and brands like PerfectGift, Gift Card Granny, GiftYa, Reaf Marketing, and Give InKind, setting new standards in the gifting experience.
Some of the Company and Executive Team Recognitions:
2023 Inc. 5000 list of fastest-growing private companies (ranked no. 382)
2022 - 1st place - Fastest 50 Growing Companies in Pittsburgh, Pittsburgh Business Times
2020 The Best Places to Work, Pittsburgh Business Times
2019 - Winner Carnegie Science Award, Entrepreneur Category
2017 - Winner of Outstanding Entrepreneur, Pittsburgh Venture Capital Association
2015 - Winner of Business Times Diamond Award, Business Ethics Award, Create Award
2015 CEO of the Year, Pittsburgh Technology Council
And more…