Senior Application Security Engineer

Senior Application Security Engineer

Introduction

RevenueCat removes the headaches of building and scaling in-app subscriptions. Since graduating from YC's S18 batch we've grown into the default monetization platform for mobile: we're in >40% of newly shipped subscription apps, we process $10B+ in annual purchase volume, and we help everyone from a solo dev in Brazil to the OpenAI mobile team understand and grow their revenue.

About Us

We're a remote-first crew of 120+, spread across 25 countries, and guided by values we actually practice: Customer Obsession, Always Be Shipping, Own It, and Balance. If you want your work to touch hundreds of millions of end-users (and help the developers behind them get paid), you'll fit right in.

The Role

We are looking for a Senior, proactive Application Security Engineer to work closely with engineering teams, PMs and external parties to ensure that RevenueCat's products are secure.

• Help to keep security at that speed, invest in automatic tooling to prevent certain kinds of security issues
• Identify common patterns and create frameworks that make building secure applications the default, so frictionless that adoption is natural and enthusiastic

Our product is used extensively in top-tier apps, and is used to gate access to paid features. As such it needs to implement novel methods to prevent tampering and keep security high.

Responsibilities

• Participate in security code and system reviews, threat modeling and risk assessments
• Support the Bug Bounty program, helping teams on triaging, prioritizing and fixing issues, learning the common issues and using that information to improve the foundations
• Collaborate closely with infra security to level up our security posture

About You

• You are proactive: You see what is needed, you take action and own problems to turn them into solutions
• You love building frameworks and automation: You see that the best way to ensure that security and best practices are followed is to make something so easy and joyful to use that nobody wants to use anything else
• You are AI-Curious: You understand how LLMs and AI coding tools are changing engineering, you want to embrace and use them effectively to keep security level up
• You are agile: You move fast, iterate quickly, pivot and reprioritize when needed to maximize impact

Technical Depth

• Deep understanding of common security flaws and ways to address them, both in web and mobile app environments
• Experience identifying security issues