Senior Application Security Engineer (Remote)

United States

Applications have closed
Upgrade Inc.

Posted 6 months ago

Upgrade is a fintech unicorn backed by a top 10 global bank and other leading fintech investors. Founded in 2017, Upgrade has already delivered $3 billion in consumer credit and achieved $100 million in annual revenue run rate and cash profitability.
Upgrade is building a neobank offering exceptional value to mainstream consumers, including affordable and responsible credit through cards and loans. In 3 short years 10 million people have already applied for an Upgrade Card or loan.
Upgrade has been named a “Best Place to Work in the Bay Area” by the San Francisco Business Times and Silicon Valley Business Journal 3 years in a row, and received “Best Company for Women” and “Best Company for Diversity” awards from Comparably.
We are looking for new team members who get excited about designing and implementing new and better products to join a team of 300 talented and passionate professionals. Come join us if you like to tackle big problems and make a meaningful difference in people's lives.
This is a remote position based in the United States.


We are looking for an Application Security specialist to help expand our Software Assurance program. As part of the cross-functional Information Security Team, you might be involved in other activities like compliance or operations, but the main activities related to the Application Security Specialist role include:
  • Evaluation of security technology, methodology, and tools to better the software development life cycle
  • Helping train developers and QA personnel to the appropriate level of software security knowledge to perform their responsibilities
  • Improving and supporting application security tool services including static analysis and dynamic testing tools
  • Supporting incident response and architecture review processes whenever application security expertise is needed
  • Managing routine penetration testing services, including both expert consulting and managed services
  • Providing manual penetration testing and standards gap analysis services to internal business and technology partners
  • Supporting, improving and maintaining secure development standards and application security framework projects
  • Supporting Vendor Management activities to ensure 3rd party software and development meet security standards
  • Integrating threat modeling practices into the product development life cycle
  • Providing security requirements for test driven design to assess control effectiveness
  • Producing metrics reporting the state of application security programs and performance of development teams against requirements


  • 2+ years of relevant work experience
  • Deep hands-on experience with agile development processes, and experience integrating secure development practices into the model. The ideal candidate has experience writing and testing web applications and web services.
  • Have familiarity with a variety of development and testing tools.
  • Have expert hands-on experience working with one or more SAST, DAST and IAST tools.
  • Candidates must be able to explain vulnerabilities and weaknesses, and discuss effective defensive techniques.
  • Experience with cyber security attacks and mitigation methods (red/blue team experience).
  • Experience working with web applications and browser security; security assessments and penetration testing; identity and access control; applied cryptography and security protocols; security information and event monitoring and intrusion detection
  • Expertise in employing analytics and threat intelligence techniques; incident response process; software security
  • IT supply-chain risk management and assurance; cloud security operations


  • Comprehensive benefit package: medical, dental, and vision.
  • Unlimited vacation policy.
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.