Application Security Engineer

Summary

Join Yuno, a company building payment infrastructure for global market participation, as an Application Security Engineer. You will be part of the SecOps team, contributing to secure architecture design, strengthening security posture across AWS and Kubernetes, and embedding security best practices throughout the SDLC. This role involves designing, building, and maintaining secure internal tools using Python, evaluating and securing APIs and microservices, performing security testing, defining secure architecture standards, integrating security controls within CI/CD pipelines, and mentoring developers. You will help foster a security-first culture and ensure a trusted experience for millions of customers. The position requires significant experience in application security, cloud security (especially AWS), and Python proficiency. Yuno offers competitive compensation, remote work options, a home office bonus, work equipment, stock options, health plan, flexible days off, and professional development courses.

Requirements

• 4+ years of hands-on experience in application security, including pentesting of web applications and APIs
• Deep expertise in identifying and mitigating OWASP Top 10 vulnerabilities and business logic flaws
• Proven experience integrating security controls into CI/CD pipelines
• Practical experience in cloud security, especially AWS environments
• Proficiency in Python, including secure coding and automation scripting
• Familiarity with modern authentication and encryption standards (e.g., OAuth, TLS)
• Strong problem-solving skills and the ability to communicate effectively and collaborate with cross-functional teams
• Verbal and written English fluency

Responsibilities

• Design, build, and maintain secure and scalable internal tools using Python, focusing on automation and secure coding best practices
• Evaluate and secure APIs and microservices in cloud (especially AWS) and Kubernetes environments, including threat modeling and internal assessments
• Perform manual and automated security testing to uncover OWASP Top 10 and business logic vulnerabilities in web applications and APIs
• Define and maintain secure architecture standards and coding guidelines to embed security across all stages of the SDLC
• Integrate and continuously improve security controls within CI/CD pipelines (static code analysis, automated scanning, compliance checks)
• Mentor and empower developers through secure coding training, hands-on guidance, and fostering a security-first and privacy-first culture
• Explore and evaluate emerging technologies and architectures (e.g., AI integrations) to ensure secure adoption

Preferred Qualifications

• Security certifications (e.g., OSCP, CEH, CISSP, Security+)
• Hands-on experience with AWS security services (e.g., IAM, Security Hub, GuardDuty, WAF)
• Experience working with compliance frameworks (e.g., GDPR, SOC 2, PCI DSS)
• Familiarity with emerging architectures (e.g., serverless, event-driven, AI integrations)

Benefits

• Competitive Compensation
• Remote work - You can work from everywhere!
• Home Office Bonus - We offer a one time allowance to help you create your ideal home office
• Work equipment
• Stock options
• Health Plan wherever you are
• Flexible Days off
• Language, Professional and Personal growth courses