TL;DR
Application Security Engineer (Web3/Fintech): Act as a "Breaker" by identifying complex vulnerabilities and a "Builder" by engineering automated solutions that empower developers to move fast without compromising security. Focus on deep-dive security reviews of web applications, APIs, and cloud infrastructure, supporting blockchain initiatives, and building security tooling into the development lifecycle.
Location: Remote from the United States or Canada
Salary: $169,150 – $195,000
Company
hirify.global is rebuilding today’s archaic financial infrastructure to open the world’s financial system to everyone by enabling the instant movement of any asset, any time, in a trustworthy way.
What you will do
- Perform deep-dive security reviews of web applications, APIs, and cloud infrastructure.
- Develop security-focused tools and libraries in Go, Java, or Ruby.
- Support blockchain initiatives by identifying risks in L1/L2 integrations and smart contract interactions.
- Manage and tune Web Application Firewalls (WAF) and cloud-native security controls.
- Contribute to the security culture through developer training and incident response.
- Build and maintain tooling to integrate security into the development lifecycle.
- Partner with engineering teams during the design phase for Threat Modeling.
- Manage the end-to-end lifecycle of vulnerabilities, from discovery to remediation.
Requirements
- Proven ability to perform deep-dive manual security testing while also securing production-quality code.
- Expert-level knowledge of OWASP Top 10, CWE, and API security vulnerabilities (Go, Java, or Ruby preferred).
- Experience building and scaling security checks directly into CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins).
- Working knowledge of AWS/GCP security configurations, particularly IAM, VPCs, and WAF management.
- English: B2 required
Culture & Benefits
- Competitive total compensation and benefits package, including equity and bonuses.
- Opportunity to protect digital assets, customer funds, and sensitive data against sophisticated threats.
- Work within a specialized, deeply technical, and vigilant Security team.
Hiring process
- Technical roles do not include coding interviews without prior screening by the engineering team.
- No requests for payment or financial details during the application, interview, or work process.
Be careful: if an employer asks you to log in to their system using iCloud/Google, send a code or password, or run code or software, do not do it; these are scammers. Be sure to click "Report" or contact support.