Application Security Engineer

Wolfe, LLC

Pittsburgh, Pennsylvania

JOB DETAILS
SALARY
$110,000–$120,000 Per Year
SKILLS
Amazon Web Services (AWS), Application Programming Interface (API), Applications Security, Artificial Intelligence (AI), Artificial Intelligence (AI) Programming Languages, CISSP - Certified Information Systems Security Professional, Cloud Computing, Code Reviews, Communication Skills, Computer Science, Computer Security, Consumer Branding, Continuous Deployment/Delivery, Continuous Integration, Dental Insurance, DevOps, Enterprise Protection, Establish Priorities, Fast Food, Gift Management, GitHub, Incident Response, Information/Data Security (InfoSec), Internet Security, Jenkins, Machine Tool, Mentoring, Non-Profit Funding, Operations Management, Penetration Testing, Performance Metrics, Prescription Drugs, Presentation/Verbal Skills, Product Management, Secure Coding, Service Level Agreement (SLA), Software Development, Software Engineering, Threat Modeling, Training Program, Tuition Reimbursement, Vision Plan, Vulnerability Scanners, Writing Skills
LOCATION
Pittsburgh, Pennsylvania
POSTED
3 days ago

Description


About Wolfe

Recognized among Pittsburgh's 2024 Top Workplaces and Fastest-Growing Companies, Wolfe has been a leader in the Gift Card and FinTech sectors for over 25 years. We partner with national brands such as Pizza Hut, KFC, Pandora Jewelry, Kendra Scott, Wawa, Journeys and others to manage their gift card programs. Our flagship consumer brand, PerfectGift.com, enables customers to create customized gift cards. We are a fast-paced environment, like kayaking down a white-water river, not canoeing on a lake.


About The Role

Wolfe is a Pittsburgh-based FinTech company building the next generation of financial products, and we are actively embedding AI across our product, our internal processes, and the way our teams work day-to-day. As an Application Security Engineer, you'll work hands-on alongside developers and DevOps engineers to build security into how we ship software — reviewing code, improving AI agent behaviors, hardening CI/CD pipelines, and helping teams find and fix vulnerabilities across application code, containers, and cloud infrastructure. This role is built for growth: whether you're a developer moving into security or an early-career security engineer expanding into application security, you'll learn enterprise security tooling — including AI/ML and LLM-powered tools — with support to earn certifications and grow alongside a security team that mentors in person.  
We're looking for candidates who are enthusiastic about an in-office culture. This is a 5-day onsite role in Pittsburgh, PA. 

Responsibilities


  • Perform code reviews, SAST/DAST testing, basic penetration tests, and basic threat modeling, and work with developers to remediate vulnerabilities across application code, libraries, containers, and infrastructure as code. 
  • Integrate and run automated security tooling (such as Snyk, Semgrep, or Cycode) within CI/CD pipelines across code repositories (such as GitHub, GitLab, Jenkins, or AWS DevOps), and help automate findings triage and reporting. 
  • Manage a vulnerability management program, vulnerability scanning tools and the enterprise Bug Bounty program, tracking and prioritizing remediation against defined SLAs. 
  • Help operate and improve Bot Management, WAF, secrets management, and API security controls across Wolfe's applications. 
  • Apply and promote secure coding standards aligned to OWASP and SANS CWE Top 25, and contribute to measuring DevSecOps maturity using a framework such as DSOMM or BSIMM. 
  • Partner with developers, security operations, product management, and incident response teams, sharing secure-coding and vulnerability-management practices as you grow your own expertise. 

Impact Statement

For more clarity on the role, below are the success metrics and measurements for this role in the first 90 to 120 days:
  • Update the existing Application Security Strategy and improve monitoring and reporting on KPIs.
  • Make a significant improvement to at least one automated security tool (DAST, SAST, SCA, or container scanning) in the production CI/CD pipeline, with results feeding a documented triage workflow.
  • Drive additional Bug Bounty submissions and improve bot management tuning and protections prior to the end of Q3.
  • Provide product and technology advisement and testing for new application and AI functionality 
  • Develop and plan a purposeful Application and AI development training program

Qualifications


  • 2+ years of experience in application security, DevSecOps, or software development with security exposure — including developers looking to move into a dedicated security role — plus a Bachelor's in Information Security, Cybersecurity, Computer Science, or a related field (equivalent experience accepted in lieu of a degree). 
  • A real coding background and working knowledge of secure coding principles (OWASP Top 10, SANS CWE Top 25). 
  • Some hands-on exposure to CI/CD pipelines (GitHub, GitLab, Jenkins, or AWS DevOps) and an interest in integrating security tooling into them. 
  • Strong verbal and written communication skills, with the ability to explain security concepts to both technical and non-technical teammates. 
  • Eagerness to learn enterprise security tooling (vulnerability scanners, Bot Management, SAST/DAST/SCA) and maturity frameworks like DSOMM or BSIMM — deep prior experience with these is a plus, not a requirement. 
  • No certifications required; experience with CISSP, OSCP, GCSA, AWS Security Specialty, or CSSLP is a plus, and we'll support you in earning them. 


Compensation, Benefits, and Perks


Wolfe is committed to providing a comprehensive benefits package to support your well-being, along with competitive compensation. Our benefits and perks include, but are not limited to:
  • Restricted Stock Units (RSUs)
  • Profit Share and/or Incentive Bonus
  • Medical, Prescription, Vision, and Dental insurance for employees and dependents (Wolfe pays 80% of premium)
  • Short-Term Disability Insurance (Wolfe pays 100% of premium)
  • Voluntary Long-Term Disability Insurance, Life Insurance, Critical Illness Insurance, Accident Insurance, and Hospital Indemnity coverage
  • PTO (vacation and sick time)
  • Corporate Holidays and Floating Holidays
  • 401(k)
  • Employee recognition program
  • Charitable Donation to a charity of your choice yearly
  • Employee Referral Bonus
  • Tuition Reimbursement
  • Internal Training and Information sessions
  • Family Picnic, Holiday Party, and other outings
  • Internal Culture Club

About the Company

Wolfe, LLC