At Rain, we are seeking a Senior Application Security Engineer to join our growing Security team. As a key member of this team, you will play a crucial role in securing our applications and platforms.
This position demands a proactive approach to secure software development and cloud-native defense. You will collaborate with engineering and development squads, work alongside the Cloud Security and GRC teams, and contribute to runtime security initiatives, threat modeling sessions, and secure engineering practices across the SDLC.
Key Responsibilities:
* Collaborate with development squads to validate vulnerabilities and provide actionable remediation guidance aligned with business risk.
* Drive threat modeling sessions for critical systems and APIs.
* Design, implement, and oversee automated processes for securely updating application and code dependencies.
* Integrate security checks into CI/CD pipelines using tools like Semgrep, Snyk, Trivy, and Burp Suite.
* Contribute to runtime security initiatives, such as container/Kubernetes hardening, RASP, and eBPF-based detection.
* Build and maintain a security issues dashboard to track remediation status and metrics.
* Provide real-time support in the event of cybersecurity incidents impacting applications or cloud infrastructure.
* Partner with the Cloud Security team on security automation tasks and monitoring improvements.
* Conduct proactive research on new threats, vulnerabilities, and attack techniques relevant to Rain's architecture.
* Collaborate with the GRC team to develop and deliver internal security awareness initiatives, phishing campaigns, and developer training.
Required Qualifications:
* Fluent English, including strong verbal and written skills.
* Strong problem-solving and analytical mindset.
* Excellent communication skills to convey security risks to technical and non-technical stakeholders.
* 3–5+ years of experience in application security, penetration testing roles, and/or secure code development.
* Hands-on experience with SAST, DAST, and SCA tools.
* Deep understanding of web, mobile, and API vulnerabilities.
* Proven expertise in performing code review or security assessments and writing clear reports.
* Proficiency in at least one backend language and understanding of React/React Native front-ends.
* Familiarity with secure architecture of microservices, event-driven systems, and REST APIs.
* Experience securing CI/CD pipelines and integrating AppSec tooling into the SDLC.
* Solid knowledge of containerization and Kubernetes security fundamentals.
* Understanding of cloud security, including IAM principles, cloud-native service configurations, and network segmentation.