Senior Application Security Engineer

Senior Application Security Engineer

Rain is the fastest-growing earned wage access (EWA) fintech in the U.S., serving 3.5 million employees and backed by top investors like QED and Prosus. We've raised nearly $400M in fundingincluding the largest Series A in fintech historyand just closed our Series B to fuel our next stage of hypergrowth.

We are seeking a skilled and driven Senior Application Security Engineer to join Rain's growing Security team. This role demands a proactive approach to secure software development and cloud-native defense. You will partner closely with engineering and development squads, and work alongside our Cloud Security and GRC team members to improve Rain's application and platform security posture.

This position is technically grounded, requiring direct engagement in application-layer matters and security reviews, while also contributing to cloud security automation, awareness initiatives, and secure engineering practices across the SDLC.

Key Responsibilities :

• Collaborate with development squads to validate vulnerabilities and provide actionable remediation guidance aligned with business risk.
• Drive threat modeling sessions (e.g., STRIDE, PASTA) for critical systems and APIs.
• Design, implement, and oversee automated processes for securely updating application and code dependencies, proactively mitigating issues and ensuring timely vulnerability remediation.
• Integrate security checks into CI / CD pipelines (SAST, DAST, SCA, IaC), working with tools like Semgrep, Snyk, Trivy, and Burp Suite.
• Contribute to runtime security initiatives, such as container / Kubernetes hardening, RASP, and eBPF-based detection.
• Build and maintain a security issues dashboard to track remediation status and metrics.
• Provide real-time support in the event of cybersecurity incidents impacting applications or cloud infrastructure (exploited vuln, credential stuffing, web / API attacks).
• Partner with the Cloud Security team on security automation tasks and monitoring improvements (e.g., Security Hub remediation automations, DLP monitoring, etc.).
• Conduct proactive research on new threats, vulnerabilities, and attack techniques relevant to Rain's architecture.
• Collaborate with the GRC team to develop and deliver internal security awareness initiatives, phishing campaigns, and developer training (e.g., secure coding, API security).
• Participate in the continuous improvement of AppSec maturity (e.g., aligning with OWASP SAMM, ISO 27001, or SOC 2 frameworks).

Required Qualifications :

Preferred Qualifications :

Who We Are :

Rain is filled with people with a deeply rooted passion for our mission, who embrace diversity throughout our global team, and grow personally and professionally. We own what we do and let data guide our actions while working quickly and adapting to new challenges everyday.

As part of our dedication to the diversity of our workforce, Rain is committed to Equal Employment Opportunity and does not discriminate based on race, religion, color, national origin, ethnicity, gender, sex (including pregnancy), protected veteran status, age, disability, sexual orientation, gender identity, gender expression, or any unlawful criterion existing under applicable federal, state, or local laws. If you need assistance or accommodation due to a disability, you may contact us at HR-US@rain.us.