Job Details

Application Security Engineer

  2025-10-25     AtoB     San Francisco, CA
Description:

Our mission is to modernize the payments infrastructure for trucking and logistics. We're building Stripe for Transportation, centering our customers in every way and offering them world-class customer experience.

We have a strong founding team with backgrounds in payments, autonomous vehicles, and leading technology companies. We've raised $125 million+ from investors and have been named to Forbes' annual Next Billion-Dollar Startup List.

Job Description

AtoB is looking to hire a dedicated Application Security Engineer to join our small security team. You'll work cross-functionally with backend, frontend, DevOps, product, and compliance teams to push security forward in every part of our stack.

Responsibilities

  • Design and implement security tooling, automation, and processes to support secure development, deployment, and operations
  • Perform threat modeling, design reviews, and security assessments (API, web, mobile, microservices)
  • Conduct secure code reviews, dynamic and static application security testing, and penetration testing
  • Work closely with engineering teams to remediate identified security issues and embed secure practices in the SDLC
  • Investigate and respond to application-level security incidents or suspicious behavior
  • Help define and enforce security standards, policies, and best practices across the engineering organization
  • Maintain and improve application security infrastructure
  • Stay abreast of new threats, vulnerabilities, and relevant industry practices and share knowledge

Requirements

  • 4+ years of experience securing web and/or API-based applications in a production setting
  • Hands-on experience with static analysis (SAST), dynamic analysis (DAST), interactive application security testing (IAST) or similar tools
  • Experience performing manual code reviews in languages like Java, Python, Go, JavaScript/TypeScript
  • Understanding of common web / API vulnerabilities (OWASP Top 10, API abuses, SSRF, injection, XSS, deserialization, etc.)
  • Familiarity with authentication & authorization mechanisms (OAuth2/OIDC, JWT, session management, RBAC, etc.)
  • Experience integrating security into a CI/CD pipeline (GitHub Actions, GitLab CI, Jenkins, CircleCI, etc.)
  • Working knowledge of cloud platforms (AWS, GCP, Azure) and container/orchestration (Docker, Kubernetes)
  • Strong problem-solving skills, ability to operate in ambiguity and drive security outcomes in fast-moving teams
  • Excellent communication skills

Compensation Range: $180K - $200K

We are an equal opportunities employer and welcome applications from all qualified candidates.
