• Responsible for designing, implementing, and maintaining application security practices across the organization • Partner closely with engineering, DevOps, and the broader Information Security team • Embed security into the software development lifecycle (SDLC) • Ensure applications are resilient against evolving threats • Apply deep knowledge of application security architecture and design principles • Review application architectures to identify security risks and recommend appropriate controls and mitigation strategies • Design and implement secure coding standards, guidelines, and patterns aligned with industry best practices • Lead and support the implementation of a secure SDLC • Ensure security requirements are consistently applied across cloud, web, mobile, and API-based applications • Perform and facilitate threat modeling exercises with development teams • Conduct risk assessments and provide actionable guidance to reduce application-level security risk • Lead application security assessments, including static and dynamic analysis, architecture reviews, and manual testing • Perform and oversee code reviews to identify security vulnerabilities and design flaws • Serve as a trusted security advisor to development teams • Develop and deliver security training and awareness content for developers and technical stakeholders • Monitor relevant threat intelligence sources related to application and software supply chain risks

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description We are looking for a Sr. Full Stack Application Security Engineer with deep expertise in mobile application security to join our Product Security team. This role is hands-on and impact driven. You will work directly with mobile, backend, and platform engineering teams to identify, prevent, and remediate security issues across our iOS, Android, API, and backend systems. You will operate close to the code and close to the product. That means reviewing architectures across the stack, influencing secure design decisions early, and helping teams ship features safely without slowing delivery. This role is for someone who understands how modern distributed systems and mobile apps are built, deployed, and attacked in real-world environments. While mobile application security is a core focus, you will be part of a team that owns security posture across the full application stack including APIs, backend services, identity and authentication flows, and CI/CD pipelines. In this role, you can expect to: - Build and improve security capabilities, automation, and guardrails for mobile applications and backend/API services - Perform application or API/backend penetration testing - Identify, triage, and help remediate vulnerabilities across Chime products - Partner closely with engineering and product teams to embed security into the development lifecycle across mobile apps, APIs, and backend services - Perform architecture and code reviews across the stack (iOS/Android, APIs, backend) with a focus on secure data storage, authentication, authorization, secure communication, and session/token handling - Leverage AI to accelerate security workflows (e.g., code review support, triage, threat modeling), and partner with teams building AI-enabled features to define and implement production-grade AI security controls Qualifications - 5+ years of experience in application security, with strong hands-on experience across both mobile and backend systems - Hands on experience securing iOS and Android applications in production environments - Strong understanding of mobile threat models and common attack techniques - Experience with mobile security testing techniques, including static and dynamic analysis - Familiarity with iOS and Android platform security features and limitations - Practical coding experience, preferably in Ruby, Go, Python languages - Ability to clearly communicate security risks, tradeoffs, and remediation guidance to engineering partners Benefits - Competitive salary based on experience - 401k match - Great medical, dental, vision, life, and disability benefits - Generous vacation policy and company-wide Chime Days, bonus company-wide paid days off - 1% of your time off to support local community organizations of your choice - Annual wellness stipend to use towards eligible wellness related expenses - Up to 24 weeks of paid parental leave for birthing parents and 12 weeks of paid parental leave for non-birthing parents - Access to Maven, a family planning tool, with $15k lifetime reimbursement for egg freezing, fertility treatments, adoption, and more - In-person and virtual events to connect with your fellow Chimers—think cooking classes, guided meditations, music festivals, mixology classes, paint nights, etc., and delicious snack boxes - A challenging and fulfilling opportunity to join one of the most experienced teams in FinTech and help millions unlock financial progress

• Conduct regular security assessments, secure code reviews, threat modeling, and penetration testing • Plan and execute security testing for LLM-enabled applications • Assess sensitive data exposure risks and validate compensating controls • Evaluate risks in tool/function calling and recommend mitigations • Design, develop, and implement security tools and automation • Partner with engineering teams to embed security best practices across the SDLC • Assist with investigation and response for application security incidents • Maintain awareness of emerging application and AI security threats

• Design and implement scalable, developer-friendly security solutions that integrate directly into engineering workflows • Lead threat modeling, design reviews, and code reviews for new features and major product launches • Build and evolve secure-by-default frameworks for authentication, authorization, input validation, and secrets management • Develop and integrate automated security tooling into CI/CD pipelines (e.g., linters, dependency scanners, policy enforcement) • Collaborate with product and engineering teams to remediate vulnerabilities, and contribute to incident response and postmortems • Own, manage, and improve our third-party penetration testing engagements and bug bounty program, working closely with external security researchers to identify and resolve vulnerabilities • Stay current on emerging threats and attack techniques, and drive ongoing maturity of our application security posture