Application Security Engineer

The world of digital assets is accelerating in speed, magnitude, and complexity, opening the door to new ways for leveraging the blockchain. Fireblocks' platform and network provide the simplest and most secure way for companies to work with digital assets and it trusted by some of the largest financial institutions, banks, globally-recognized brands, and Web3 companies in the world, including BNY Mellon, BNP Paribas, ANZ Bank, Revolut, and thousands more.

We're looking for a highly skilled and motivated Application Security Engineer to join our dynamic team. As an Application Security Engineer, you will be responsible for ensuring the secure and efficient operation of our software development and deployment processes. You will collaborate with cross-functional teams to integrate security practices into the development lifecycle and foster a culture of security awareness. The ideal candidate will have a strong software development background, SDLC security principles, and threat modeling for application-based features

What You'll Do

CI/CD Security Hardening-Improve and secure our continuous integration and deployment pipelines through the selection, implementation, and tailoring of new tooling, as well as the maintenance and enhancement of our current stack.
Security Tooling Management-Operate, fine-tune, and customize tools like Snyk, Apiiro, and other AppSec platforms to reduce false positives and enhance threat detection.
Policy Definition-Collaborate with cross-functional teams to develop practical, enforceable CI/CD security policies.
Security Orchestration & Automation-Build and maintain automated playbooks and workflows using orchestration platforms like Torq to support incident response and alert management.
Vulnerability prioritization-Collaborate with development, operations, and security teams to identify and prioritize security vulnerabilities/issues and requirements and integrate security controls into the development lifecycle. It is imperative to have an open mind to find root causes and promote their remediation.
Secure Code Review-Perform or support manual and automated secure code reviews, especially for high-risk components, and provide actionable remediation guidance to developers.
AI Agent Development-Contribute to the development and security of automated agents (e.g., using LLMs like Claude) for tasks such as code analysis, vulnerability hunting, and automated remediation.
AI/ML Application Security Review-Perform application-level architectural security reviews of AI models and Machine Comprehension Platforms (MCPs), focusing on data integrity, model robustness, inference security, and alignment with responsible AI principles.

What You'll Bring

At least 5 years of experience in security engineering, application security, or a similar role-Must!
Hands-on experience with modern CI/CD tools (GitHub, GitLab, ArgoCD, etc.).

Familiarity with SCA/SAST/DAST/orchestration tools, such as, Torq and Semgrep

Strong understanding of Git workflows and source control best practices-Must!
Basic cloud knowledge (AWS or Azure preferred)-Must!
Solid scripting skills (Python, NodeJS, or similar)-Must!
Comfortable collaborating with developers and DevOps engineers to solve real-world security challenges
Strong code review skills-Must!
Pentest/security research experience
In-depth understanding of security principles, best practices, and industry standards (e.g., OWASP, NIST, ISO 27001)
Strong problem-solving and analytical skills, with the ability to identify and mitigate security risks
Excellent communication and collaboration skills, with the ability to work effectively in cross-functional teams
Bachelor's degree in Computer Science, Information Security, or a related field (Nice-To-Have)

Why You'll Love It Here

A chance to own and grow our AppSec processes in a collaborative and supportive environment.
Exposure to modern tools and real-world challenges in scaling security.
Work alongside experienced security engineers and DevOps professionals.
Opportunity to grow toward senior responsibilities with mentorship and support.

Fireblocks' mission is to enable every business to easily and securely access digital assets and cryptocurrencies. In order to do that, we strongly believe our workforce should be as diverse as our clients, and this is why we embrace diversity and inclusion in all its forms.

Please see our candidate privacy policy here.