Application Security Engineer

How you’ll help us achieve it

We’re looking for an experienced security engineer who’s independent, excited about getting things done, and ready to hit the ground running. You’ll primarily be responsible for our application security, working with our product teams to work on new systems to enhance our security posture. Our customers trust us with their money, and you’ll be at the forefront of making sure we retain that trust!

This broadly scoped role will allow you to get your hands on many different types of security projects, from direct application security to helping our infrastructure team think about security for our databases.

Some experience with common industry certifications like ISO-27001 and PCI-DSS would be beneficial, although you won’t be expected to run or oversee audits.

Our to-do list changes constantly, but here are some recent projects:

• Centralise application-level login and permissions enforcement
• Develop a data protection inventory
• Security review of our public-facing APIs
• Work with our IT Team to fix any non-conformities found during audits by central banks and ISO certification.

Key details

• You can work remotely from anywhere (between UTC -5 and +4) with reliable internet access.
• You’re willing to travel to one of our key markets once per year for ~6 days (Wave covers all costs). We also provide a yearly stipend of $800 to meet with coworkers.
• Our salaries are competitive and are calculated using a transparent formula. For this role, depending on your level, we offer a salary of between $144,000-$166,900 (paid in your local currency equivalent), plus a generous equity package.
• We run performance reviews twice a year and award bonuses or promotions to strong performers who have been with the company for more than six months.
• Major benefits:
  • Subsidized health insurance for you and your dependents and retirement contributions (both vary from country to country).
  • 6 months of fully paid parental leave and subsidized fertility assistance.
  • Flexible vacation, with most folks taking between 30-40 days per year.
  • $10,000 annual charitable donation matching.

Requirements

• Minimum of 5 years of professional experience with a minimum of 2 years of it spent in a security-related role.
  • If you don’t perfectly meet this requirement you can still apply if you feel you have other experience or knowledge that is a good substitute.
• Strong Experience with Python.
• Fluent English.

You might be a good fit if you

• Are excited about finding the right balance between security and velocity.
• Push through hard problems without giving up.
• Have experience remediating non-conformities
• Enjoy helping other engineers understand and implement secure patterns.
• Are not afraid to take on complicated systems.
• Are excited to work on lots of different security-related work, from audits to code refactors.
• Work to make things easier for the next engineer who will touch your code.
• Always try to improve as a programmer and colleague.
• Are interested in security-focused source code review and penetration testing.
• Have an interest in growing and mentoring a team.

About engineering at Wave

You’ll report directly to the CTO, likely rotating with many of our Product and Platform teams, depending on the project you’re working on. Each team is led by a product manager and mentored by a technical lead on the team.

You’ll be responsible for your own security projects as well as supporting the engineering organisation on security through advice and design review. We organize things to give you as much ownership as possible, so you’ll typically be in charge of your projects from planning to delivery.

Our stack (you only need prior experience with python and cloud technologies, if you need to work with anything else, we’ll train you):

• Backend: Python 3 (+ mypy)
• API layer: GraphQL
• Android frontend: Kotlin/Jetpack
• iOS frontend: Swift/SwiftUI
• Web frontend: TypeScript/React
• Database: Postgres
• Infrastructure: GCP / Terraform
• Orchestration: Kubernetes