About the CompanyRain makes the next generation of payments possible across the globe. We’re a lean and mighty team of passionate builders and veteran founders. Our infrastructure makes stablecoins usable in the real-world by powering card transactions, cross-border payments, B2B purchases, remittances, and more. We partner with fintechs, neobanks, and institutions to help them launch solutions that are global, inclusive, and efficient. You will have the opportunity to deliver massive impact at a hypergrowth company that is funded by some of the top investors in fintech, crypto, and SaaS, including Sapphire Ventures, Norwest, Galaxy Ventures, Lightspeed, Khosla, and several more. If you’re curious, bold, and excited to help shape a borderless financial future, we’d love to talk.Our EthosWe believe in an open and flat structure. You will be able to grow into the role that most aligns with your goals. Our team members at all levels have the freedom to explore ideas and impact the roadmap and vision of our company.What You’ll DoAs a Security Engineer with a focus on Application Security, you’ll be a key contributor in embedding security into Rain’s engineering lifecycle and supporting delivery of secure, trusted applications:Lead application security assessments, including vulnerability scanning, code reviews, and threat modeling with engineering teamsPartner closely with product and development squads to drive remediation and help teams understand and resolve security findings efficientlyIntegrate and scale automated security tooling across CI/CD pipelines (SAST, DAST, SCA, IaC) to shift security leftDevelop and maintain application security standards, patterns, and guardrails that reduce risk and support rapid deliveryDrive threat modeling and risk assessments for new features, APIs, and servicesCollaborate with Cloud & Infrastructure Security to align security controls across layers and support cloud-native security requirementsSupport incident response for application-level security events and contribute to root-cause analysis and future mitigation strategiesHelp build internal training and awareness programs to elevate secure coding and developer security literacyTrack and surface key security metrics, trends, and continuous improvement insights to leadershipWhat we're looking for4–8+ years of experience in security engineering, application security, offensive security, or secure software development; strong track record of securing modern applicationsHands-on experience with security tools such as Semgrep, Burp Suite, Snyk, Trivy, or similar for static, dynamic, and dependency security analysisSolid understanding of web, API, and mobile security vulnerabilities (e.g., OWASP Top 10, API Top 10)Experience driving or participating in threat modeling and secure design reviewsFamiliarity with cloud concepts and securing cloud workloadsCollaborative mindset — you enjoy working closely with engineers to co-create practical security solutionsPractical understanding of SDLC and integrating security into development workflowsAbility to independently identify, prioritize, and drive remediation on critical findingsExperience balancing security risk with business and technical constraintsNice to have, but not mandatoryExperience or exposure to runtime application protection (RASP) or advanced monitoring (e.g., eBPF-based tooling)Experience with cloud security automation frameworks such as Security Hub remediations or DLP improvementsSecurity certifications like CISSP, CSSLP, OSCP, GWAPT, or similarFamiliarity with compliance frameworks like SOC 2, ISO 27001, OWASP SAMM and aligning controlsPrior experience in fintech, payments, or highly regulated environmentsExposure to API security tooling and design best practicesThings that enable a fulfilling, healthy, and happy experience at Rain:Unlimited time off 🌴 Unlimited vacation can be daunting, so we require Rainmakers to take at least 10 days off.Flexible working ☕ We support a flexible workplace. If you feel comfortable at home, please work from home. If you’d like to work with others in an office, feel free to come in. We want everyone to be able to work in the environment in which they are their most confident and productive selves. New Rainmakers will receive a stipend to create a comfortable home environment.Easy to access benefits 🧠For US Rainmakers, we offer comprehensive health, dental, and vision plans for you and your dependents, as well as a 100% company subsidized life insurance plan.Retirement goals💡Plan for the future with confidence. We offer a 401(k) with a 4% company match.Equity plan 📦 We offer every Rainmaker an equity option plan so we can all benefit from our success.Rain Cards 🌧️ We want Rainmakers to be knowledgeable about our core products and services. To support this mission, we issue a card for our team to use for testing.Health and Wellness 📚 High performance begins from within. Rainmakers are welcome to use their card for eligible health and wellness spending like gym memberships/fitness classes, massages, acupuncture - whatever recharges you!Team summits ✨ Summits play an important role at Rain! Time spent together helps us get to know each other, strengthen our relationships, and build a common destiny. Expect team and company off-sites both domestically and internationally.