Logo for RevenueCat

Senior Application Security Engineer

Role overview

Qualifications

  • Proactive, ownership mindset with ability to turn problems into solutions
  • Passion for building frameworks and automation to enforce security best practices
  • AI-curious and able to leverage AI tools and LLMs to enhance security
  • Deep technical security expertise across web and mobile, with hands-on code review experience and familiarity with security tooling (SAST, proxies); experience securing mobile SDKs (iOS/Android) and Python backends

Responsibilities

  • Participate in security code and system reviews, threat modeling, and risk assessments
  • Support the Bug Bounty program: triage, prioritize and fix issues; translate findings into foundational security improvements
  • Collaborate closely with infrastructure security to level up security posture
  • Be the go-to expert for application security issues, lead security reviews/threat assessments, and drive initiatives to improve application security

About the company

RevenueCat logo

RevenueCat

Computer Software / SaaS

The world's top apps use RevenueCat to build, analyze, and grow subscriptions on iOS, Android, and the web.

Company details

Company typeScaleup
IndustryComputer Software / SaaS
Company size51 - 200

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description

RevenueCat removes the headaches of building and scaling in‑app subscriptions. Since graduating from YC’s S18 batch we’ve grown into the default monetization platform for mobile: we’re in >40% of newly shipped subscription apps, we process $10B+ in annual purchase volume, and we help everyone from a solo dev in Brazil to the OpenAI mobile team understand and grow their revenue.

We’re a remote‑first crew of 120+, spread across 25 countries, and guided by values we actually practice: Customer Obsession, Always Be Shipping, Own It, and Balance. If you want your work to touch hundreds of millions of end‑users (and help the developers behind them get paid), you’ll fit right in.

The role:

We are looking for a Senior, proactive Application Security Engineer to work closely with engineering teams, PMs and external parties to ensure that RevenueCat's products are secure.

RevenueCat has a fast-shipping culture. Your mission is to help to keep security at that speed, invest in automatic tooling to prevent certain kinds of security issues, identify common patterns and create frameworks that make building secure applications the default, so frictionless that adoption is natural and enthusiastic.

Our product is used extensively in top-tier apps, and is used to gate access to paid features. As such it needs to implement novel methods to prevent tampering and keep security high.

Other responsibilities will be:

  • Participate in security code and system reviews, threat modeling and risk assessments.

  • Support the Bug Bounty program, helping teams on triaging, prioritizing and fixing issues, learning the common issues and using that information to improve the foundations.

  • Collaborate closely with infra security to level up our security posture.

About you:

  • You are proactive: You see what is needed, you take action and own problems to turn them into solutions.

  • You love building frameworks and automation: You see that the best way to ensure that security and best practices are followed is to make something so easy and joyful to use that nobody wants to use anything else.

  • You are AI-Curious: You understand how LLMs and AI coding tools are changing engineering, you want to embrace and use them effectively to keep security level up.

  • You are agile: You move fast, iterate quickly, pivot and reprioritize when needed to maximize impact.

  • Technical Depth:

    • Deep understanding of common security flaws and ways to address them, both in web and mobile app environments.

    • Experience identifying security issues through code review.

    • Experience with common security tools and services, like SAST tools, proxies…

    • You are familiar with new AI security risks regarding MCPs, prompt injection and others. You want to help build safer guardrails for the new agentic development and AI adoption in the product.

    • Experience securing mobile SDKs (iOS/Android) and backend services (Python) is highly valued

In the first month, you'll:

  • Meet your team!

  • Get up to speed on our infrastructure, services and codebases.

  • Familiarize yourself with SDK and backend, how they interact.

  • Explore the bug bounty platform and reports.

  • Ship your first project.

Within the first 3 months, you'll:

  • Be able to scope and work on tasks self-sufficiently.

  • Participate in code reviews, security design reviews.

  • Participate actively in the bug bounty program.

Within the first 6 months, you'll:

  • Understand deeply risks and threats on SDK, how SDK and backend interact and the backend application.

  • Actively contribute to improve security, pushing and introducing frameworks, tools or services that have measurable impact.

  • Collaborate closely with other teams, creating ties, trust relationships, providing security guidance.

Within the first 12 months, you'll:

  • Be the go-to expert for application security issues, seek for security reviews, threat assessments.

  • Have your own initiatives for improving application security.

Apply once. Then go straight to the hiring manager.

After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

MR

Marcus Rivera

Chief Revenue Officer

m.rivera@company.com
linkedin.com/in/marcusrivera
Unlocked after you apply
·

Security Engineer Related jobs

Other jobs at RevenueCat

Premium

Reach out to the hiring manager directly.

Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

  • Full match report with fit score and gaps
  • Career diagnostics on how recruiters read you
  • Curated company matches and warm intros
  • 48h early access to new roles

Cancel anytime.