Remote
Full Time
Intermediate or Experienced
Mexico
Spain
Portugal
Poland
About Fountain
When you join the Fountain team, you become part of the leading enterprise solution for frontline workforce management. Fountain’s automated, customizable platform provides a seamless applicant experience for workers, while ensuring organizations can scale and manage their frontline talent.
We’ve helped hundreds of companies like UPS, CLEAR, Stitch Fix, GoPuff, Fetch, and sweetgreen to hire, onboard, and manage over 14 million workers in more than 75 countries.
In 2022, we closed $185M in our Series C, led by SoftBank and B Capital.
Join our growing team of highly collaborative, ambitious, and forward-thinking Fountaineers as we empower our hundreds of customers and millions of frontline workers around the world.
Let’s elevate frontline work together.
About the job
We are looking for a highly motivated Application Security Engineer to join our platform team. In this role, you will be a crucial bridge in securing our platforms, proactively embedding security into our development process.
Our core application relies heavily on TypeScript/JavaScript and Ruby. We’re looking for someone with an eagerness to dive into the code, hunt and patch vulnerabilities, and be able to build security features in our platform. You will have the opportunity to learn from experienced security professionals, grow your skill set, and make a tangible impact on a platform used by millions of applicants globally.
What You’ll Be Doing:
• Secure the Codebase: Assist in performing manual and automated security code reviews on our primarily TypeScript/JavaScript and Ruby repositories.
• Vulnerability Management: Triage, validate, and prioritize security findings from our automated scanners (SAST/DAST/SCA) and external bug bounty programs.
• DevSecOps Support: Help maintain and tune security tooling within our CI/CD pipelines to ensure we catch flaws before they reach production.
• Collaborate and Educate: Partner closely with software engineers to explain security risks, provide remediation guidance, and promote a culture of secure coding.
• Threat Modeling: Shadow and assist senior security engineers in threat modeling sessions to identify potential attack vectors during the design phase of new features.
• Incident Response: Support the security team in investigating and mitigating application-level security alerts and incidents.
What You Should Bring:
• Experience: 1–3 years of experience in software development, IT, or cybersecurity (can include equivalent internships, bootcamps, or personal security research).
• Technical Knowledge: A solid foundational understanding of web application architecture and common security flaws (e.g., OWASP Top 10, CWE).
• Code Fluency: The ability to read, understand, and write basic code in TypeScript/JavaScript or Ruby. You should feel comfortable navigating a modern software repository.
• Problem Solving: An analytical mindset with a passion for figuring out how things work—and how to break them safely.
• Communication: Excellent written and verbal communication skills. You can explain a technical vulnerability to a developer without sounding accusatory (we assume positive intent and build trust!).
• Drive: A "Run" mentality. You are a self-starter who rejects complacency and is eager to continuously learn and grow in the AppSec space.
Bonus Points:
• Hands-on experience with modern application security testing tools (e.g., Burp Suite, Snyk, Aikido, ZAP).
• Familiarity with assessing codebases and platforms using AI tooling.
• Familiarity with cloud security concepts (AWS).
• Active participation in Bug Bounty platforms.
• Basic understanding of containerization and orchestration (Docker, Kubernetes).
Benefits
Health Insurance
Dental Insurance
Paid Time Off (PTO)
Paid Holidays
Sick Leave
Remote Work
Professional Development
Parental Leave
Even if you do not meet all the requirements above, we still encourage you to apply for this position. While we try to be thorough with our prerequisites, not everything about you as a candidate can be condensed into a list of bullet points. What do you have to lose?
Fountain offers an incredibly unique work environment. We employ a diverse team all over the world. Each Fountaineer is given the freedom to do their best work from wherever they choose. We also understand the importance of in-person connections, so we hold in-person meetings with your team and meet annually as an organization to build our relationships and focus on the future of moving Fountain Forward.
The benefits we offer in the United States include competitive health plans and a retirement plan. Some Fountain-wide perks offered to all employees across the globe include a flexible vacation policy, paid holidays, monthly lunch stipends, annual allowances for ongoing education related to your profession and career advancement, along with home office, cell phone, and wellness reimbursements. Fountain is a global employer, so some benefit offerings will vary from country to country.
Fountain is proud to be an equal opportunity workplace. We welcome applicants of any educational background, gender identity and expression, sexual orientation, religion, ethnicity, age, socioeconomic status, disability, and veteran status.
By submitting an application, you confirm that you have read our Privacy Policy and agree that we may process and retain your personal data for the purpose of recruitment in accordance with applicable data protection laws.