Senior Application Security Engineer



Toronto, ON, Canada
Posted on Friday, June 28, 2024
Our mission is to increase the success rate of small businesses. Traditional banking has been a growth limiter rather than a growth enabler for business owners, and we’re changing that. Relay is the all-in-one, collaborative money management platform. We’re building for employer SMBs and their finance function, internal and external, and are focused on delivering a human-centric customer experience. Ultimately, we help SMBs be ‘on the money'.
Relay is entering an exciting new chapter of growth and we’re looking for a Senior Application Security Engineer to join our Trust team. Your love of making and contributing to high-impact decisions daily and desire to help shape the future of Relay is going to be crucial. The team’s vision is “Protecting the cathedral while enabling the bazaar” - quite a challenge in a fintech business. This is an opportunity to get in at ground level and help evolve our security posture as we grow.
Our Senior Application Security Engineer will be required to work from our downtown Toronto office (2-days per week).

What You'll Be Doing

  • Collaborate with stakeholders across the organization to drive application security maturity
  • Perform application security testing, code reviews, to identify and evaluate security vulnerabilities in applications, APIs
  • Establish secure software development practices that make security an important piece of the SDLC pie
  • Build security tooling and automations to scale the engineering team’s security practices
  • Develop and maintain application security standards and provide guidance to software engineering teams
  • Participate in incident response activities as needed including supporting engineering teams incident remediation efforts
  • Perform threat modeling and security architecture reviews to identify potential security risks and integrate security early in the development process.
  • Be actively involved in Relay’s application security vulnerability management program, triaging and prioritizing vulnerabilities from application security tooling, vulnerability disclosure program, manual testing results
  • Champion developer education initiatives on all things application security, while being an advocate for all things AppSec and Security at Relay. Tell us how you would reduce risk!

Who You Are

  • You have 5+ years of experience in Application Security engineering, application security penetration testing, developing and implementing changes. We are looking for builders: incremental changes or major initiatives.
  • You're familiar with our tech stack: Node.js, GitHub (repositories and actions), AWS, HackerOne.
  • You are experienced with programming languages such as JavaScript, Python, etc.
  • You have a deep understanding of application security concepts.
  • You have done some presentations about security subjects/participated in CTFs
  • You're automation-driven. Think small teams, high impact: tell us how to leverage systems to accelerate our velocity.
  • You're self driven to improve security across the core product of the organization
  • You're curious. The AppSec and security landscape isn’t static, and neither should you be!
  • You're a team player. Our team is small and mighty, and we collaborate constantly - we want someone who is always willing to pitch in and isn’t afraid to ask for help.

Bonus Points

  • Show us your home lab! We have Ubiquity gears everywhere and we like to geek-out on our k8s clusters that control in-house experience. Show us CVE, conference talks, etc.
  • Even when it seems impossible to identify security vulnerabilities, you understand and persevere knowing there is something lurking
  • You’ve joined a company at its early stages and have seen it through scale
  • You have experience working in a fintech startup
  • Research shows that women-identifying and other marginalized individuals tend to only apply when they meet 100% of the qualifications; if you don't have all the listed qualifications, we encourage you to apply anyway!

Our Commitment To You

  • Competitive salary and meaningful equity: every team member gets a piece of the pie.
  • Comprehensive health benefits: we offer full health benefits + an HSA/WSA starting from day 1 so you get the coverage you need.
  • Considerable vacation/end-of-year holiday shutdown: we take time off to reset and recharge so we come back better for our customers.
  • Hybrid work environment: we love collaborating and connecting in the office two times a week and offer catered lunches and a snack/beverage program for the days we’re in office. Don’t forget to bring in your furry friends!
  • Personal and professional growth: support from leaders who care about your growth and success through regular feedback and coaching. Our goal is to make Relay a step-change career opportunity.
  • Top-tier equipment: we’ll make sure you have everything you need to produce your best work.
  • Team-first culture: we’re passionate about working collaboratively, bonding through team events, and most importantly having fun.

The Interview Process

  • Stage 1: A 30-minute Google Meet video call with a member of the Talent Team
  • Stage 2: A 45-minute experience deep dive interview with the Engineering Manager, Application Security
  • Stage 3: A 1-hour live technical assessment via Google Meet with a member of the trust team and the engineering team
  • Stage 4: A 30-minute Google Meet video call with a member of the executive team at Relay Financial
What’s Important to Us
At Relay, we believe that diversity is key to building high-performing teams, and creating an inclusive work environment is our priority. We are an equal-opportunity employer and we welcome people of diverse backgrounds, perspectives, and skills.
We will work with applicants to provide accommodations at any stage of the hiring process. If you require accommodations during the interview process, please email your People Team contact, and we will work with you to meet your needs.