About this role
Role Overview
Design, prompt-engineer, and deploy automated security review workflows, using, for example, Claude or other LLM APIs to perform real-time code analysis and architectural reviews within our CI/CD environment.
Lead secure design reviews and advanced threat modeling for our complex payment systems and AI integrated applications.
Act as a technical bridge between Security and Engineering teams.
Collaborate frequently with different engineering teams to identify and address security issues.
Oversee deep-dive technical reviews, moving beyond basic scans to perform source code audits and live application testing on high-risk features.
Contribute to and take ownership of the automated security controls we are building, and take an active part in every aspect of the secure software development lifecycle (S-SDLC).
Provide hands-on remediation guidance and mentor junior security or software engineers, as well as members of Product teams, on both traditional exploits and emerging AI-specific vulnerabilities.
Requirements
5+ years in Application Security
Proven experience performing web application penetration tests and vulnerability research
Skills in source code auditing, product assessments and interaction with product teams
Experience with development of security tools
A passion for replacing manual, repetitive tasks with intelligent, automated scripts and AI workflows
Demonstrated ability to use tools like Claude for security-specific tasks like code summarization, vulnerability detection, and automated fix generation
Experience building custom tools or wrappers that leverage LLMs to analyze pull requests and provide context-aware security feedback
Deep practical knowledge of defending against Prompt Injection, Insecure Output Handling, and Model Inversion
Experience with Python, Ruby on Rails, Java and modern web dev (JavaScript, Node.js, etc.)
Good knowledge of AWS or similar cloud environments, containerization (Docker), and building/maintaining GitLab CI pipelines.
Advanced experience with SAST, DAST, and SCA tools
Deep understanding of applied cryptography, OAuth2, SAML, and SSO implementations
Ability to translate complex AI-generated findings into actionable business risks for stakeholders
A collaborative approach that treats developers and product teams as partners, focusing on enablement rather than friction
Practical experience aligning technical controls with standards like SOC 1, SOC 2, PCI-DSS, and emerging AI-governance frameworks.
Tech Stack
AWS
Cloud
Docker
Java
JavaScript
Node.js
Python
Ruby
Ruby on Rails
SDLC
Benefits
Competitive compensation
Employee Stock Purchase Plan (ESPP)
Flying Start
Our immersive Global Induction Program (Meet our Execs & Global Teams)
Work with brilliant people who will keep you on your toes; learn more about their journeys by checking out #InsideFlywire on social media
Dynamic & Global Team (we have been collaborating virtually for years!)
Wellbeing Programs (Mental Health, Wellness, Yoga/Pilates/HIIT Classes) with Global FlyMates
Be a meaningful part in our success: every FlyMate makes an impact
Competitive time off including FlyBetter Days to volunteer in a cause you believe in and Digital Disconnect Days!
Great Talent & Development Programs (Managers Taking Flight – for new or aspiring managers!)