Senior Application Security Engineer

Who we are:

We are a leader in fraud prevention and AML compliance. Our platform uses device intelligence, behavior biometrics, machine learning, and AI to stop fraud before it happens. Today, over 300 banks, retailers, and fintechs worldwide use Sardine to stop identity fraud, payment fraud, account takeovers, and social engineering scams. We have raised $145M from worldclass investors, including Andreessen Horowitz, Activant, Visa, Experian, FIS, and Google Ventures.

Our culture:

• We have hubs in the Bay Area, NYC, Austin, and Toronto. However, we maintain a remotefirst work culture. #WorkFromAnywhere

• We hire talented, selfmotivated individuals with extreme ownership and high growth orientation.

• We value performance and not hours worked. We believe you shouldnt have to miss your family dinner, your kids school play, friends gettogether, or doctors appointments for the sake of adhering to an arbitrary work schedule.

• Location:

  • Remote Canada (From Home Beach Mountain Cafe Anywhere!)

  • We are a remotefirst company with a globally distributed team. So you can find your productive zone and work from there

  • About the role

    As an Application Security (AppSec) Engineer at Sardine, you will play a critical role in ensuring the security and integrity of our services. You will be a key security partner for our development teams, embedding security principles directly into the Software Development Lifecycle (SDLC). This is a handson role for a motivated individual who is passionate about proactively identifying and mitigating security risks, building secure systems, and fostering a strong security culture. You will be instrumental in protecting our company and our customers data from emerging threats.

    What you’ll be doing

    • Perform security code reviews, vulnerability assessments, and penetration tests on our web applications, mobile applications, and APIs.

    • Integrate and manage security tools within our CICD pipelines, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA).

    • Lead and conduct threat modeling exercises for new features and services to identify potential security risks in the design phase.

    • Triage, validate, and prioritize vulnerabilities discovered through automated tools, manual testing, and external bug bounty programs.

    • Collaborate with engineering and product teams to design secure solutions and provide expert guidance on remediation strategies for identified vulnerabilities.

    • Develop and maintain security standards, best practices, and documentation for our development teams.

    • Manage security training to educate developers on secure coding practices and emerging threats.

    • Develop custom scripts and automation to enhance our security testing capabilities and streamline security operations.

    • Assist in incident response activities related to application security events.
      

    • What you’ll bring

      • 7+ years of professional experience in an application security, product security, or offensive security role.

      • Deep understanding of common application vulnerabilities, such as those listed in the OWASP Top 10, and their mitigation techniques (e.g., CrossSite Scripting (XSS), SQL Injection, CrossSite Request Forgery (CSRF), Insecure Deserialization).

      • Strong proficiency in reading and auditing code in at least one of the following languages: Python, Go, or JavaScriptTypeScript.

      • Handson experience with security tools for SAST, DAST, IAST, and SCA.

      • Solid understanding of security principles for cloud environments (GCP & AWS) and containerized services (Docker, Kubernetes).

      • Proven experience integrating security into various stages of the SDLC.

      • Strong analytical, problemsolving, and incident response skills.

      • Excellent communication and interpersonal skills, with the ability to effectively interact with technical and nontechnical stakeholders.

      • Compensation: Base pay range of $175,000 $215,000 CAD + Series C equity with tremendous upside potential + Attractive benefits

        The compensation offered for this role will depend on various factors, including the candidates location, qualifications, work history, and interview performance, and may differ from the stated range.

        Benefits we offer:

        • Generous compensation in cash and equity

        • Early exercise for all options, including prevested

        • Work from anywhere: Remotefirst Culture

        • Flexible paid time off, Yearend break, Self care days off

        • Health insurance, dental, and vision coverage for employees and dependents US and Canada specific

        • 4% matching in 401k RRSP US and Canada specific

        • MacBook Pro delivered to your door

        • Onetime stipend to set up a home office — desk, chair, screen, etc.

        • Monthly meal stipend

        • Monthly social meetup stipend

        • Annual health and wellness stipend

        • Annual Learning stipend

        • Unlimited access to an expert financial advisory

        • Join a fastgrowing company with worldclass professionals from around the world. If you are seeking a meaningful career, you found the right place, and we would love to hear from you.

          To learn more about how we process your personal information and your rights in regards to your personal information as an applicant and Sardine employee, please visit our Applicant and Worker Privacy Notice.