Flywire is seeking a Security Engineer II to join our Security Team. You will be responsible for ensuring security is built into our products from the ground up, supporting global development houses, and protecting confidential business and personal information.

What You'll Do

Define comprehensive security requirements for every new system, service, or integration.
Own threat modeling and secure architecture initiatives to prevent vulnerabilities at the design stage.
Perform lead tasks, providing guidance to other team members and setting technical standards.
Attend engineering syncs and collaborate with different squads to identify and address security issues in real-time.
Perform deep-dive security reviews, from source code auditing to dynamic testing of live applications.
Execute technical tasks on change and integration reviews to ensure 'security-first' deployments.
Be an active part of the secure software development lifecycle (S-SDLC).
Provide expert guidance to developers on how to mitigate and fix security flaws.

What We're Looking For

4+ years in Application Security (AppSec).
Proven experience performing web application penetration tests and vulnerability research.
Strong skills in source code auditing and development of custom security tools.
Proficiency in Ruby on Rails, Python, Bash, Java, Node.js, among others, focusing on identifying vulnerabilities at the logic and code level.
Ability to think like an attacker to identify flaws while effectively crafting mitigating controls.
Deep understanding of OWASP Top 10 and the OWASP Top 10 for LLM Applications (AI-driven security).
Working experience with OAuth, SAML, and SSO.
Experience with SAST/DAST/SCA tools and integrating them into CI/CD pipelines.
Knowledge of security audit certifications such as PCI-DSS, SOC 1, and SOC 2.
Ability to explain complex technical findings to both technical and non-technical audiences with empathy and clarity.