Thrivent Financial logo
Thrivent Financial

Thrivent Financial is a faith-based, nonprofit financial services organization dedicated to helping Christians manage their money wisely and generously. Owned b

Engineer - Java

Location

United States

Posted

3 days ago

Salary

$81.5K - $110.3K / year

Seniority

Mid Level

Job Description

Engineer - Java

Thrivent Financial

Role Description As an Engineer you will create and/or modify solutions to complex software problems. This includes coding, testing, debugging, documenting, and maintaining those solutions. You will participate in leading smaller engineering efforts as well as contributing to larger, enterprise-wide initiatives. The Engineering teams are challenged to partner across departments and divisions to achieve the best outcomes for our customers. DUTIES & RESPONSIBILITIES: - Designing Solutions: - Apply technical knowledge to drive outcomes for customers. - Ability to work and problem solve independently on initiatives that align to the broader software engineering strategy. - Proficient at designing solutions within core framework of software products within this team. - Participate in low level design for the product area / within the team. - Designing Software: - Use independent, critical thinking to solve complex problems which are significant to the customer. - Member of team that can work independently, as well as collaboratively with team, in developing core software for the product that delivers outcomes. - Consistent and dependable in delivering core software that delivers outcomes and meets/exceeds the teams expectations for stability, scalability, resilience, etc. - Learning and Applying New Techniques: - Seek out opportunities to learn new technologies that improve the product and its lifecycle. - Collaborating within the Team: - Participate in team’s collaboration sessions to provide technical expertise to solve a problem/remove technical roadblocks for the team. - Participate in product planning and implementation. Helps team to understand and decompose work. - DevOps: - Participates in the team support rotation and builds knowledge on focus subsystems. - Coaching Engineers: - Provide technical expertise and help the team to solve technical/software issues. - Provide trainings to the junior developers and groom them. - Recruiting/Building Talent: - Participate in the interview process or be part of the panel to recruit the right talent to the team. - Models Thrivent’s leadership competencies – courage, collaboration, and commitment by demonstrating resiliency, working together to make the best decisions, and holding yourself and others accountable. - Supports and/or develops an environment in which Thrivent employees and colleagues are focused on continuous improvement, exceptional employee engagement, and an unwavering commitment to our clients. - Shapes and/or supports a culture that represents the Thrivent purpose, promise and values, ensuring that Thrivent’s trust and reputation remain strong with its clients. - Perform other related duties as required. Qualifications - Required: - Bachelor's degree in Computer Science or other technical field or equivalent work experience. - 3 to 5 years of Engineering experience. - Experience using the following technical skills: Java, REST API's, Kafka, Spring Boot, Spring Integration, GitHub. - Experience using AI Tools to improve engineering productivity. - Sound knowledge of Software Development Life Cycle (SDLC). - Knowledge of industry standard Software Development Life Cycle (SDLC) practices. - Knowledge of systems design concepts that provide security and stability. - Deep knowledge of Operating Systems and/or Application Development Platforms. - Ability to debug code and/or complex log files for troubleshooting and analysis of product defects. - Sound understanding of application engineering concepts. - Knowledge/experience with querying databases for data lookup/update. - Preferred: - Financial Services industry experience. - Coach / mentor other team members as appropriate. - GitHub experience. - Playwrite Test Automation. Requirements - Thrivent’s long-term growth depends on attracting, rewarding, and retaining people who are committed to helping others thrive with purpose. - The applicable salary or hourly wage range for this full-time role is $81,537.00 - $110,315.00 per year, which factors in various geographic regions. - The base pay actually offered will be determined by a variety of factors including, but not limited to, location, relevant experience, skills, and knowledge, business needs, market demand, and other factors Thrivent deems important. Benefits - Various bonuses (including, for example, annual or long-term incentives). - Medical, dental, and vision insurance. - Health savings account. - Flexible spending account. - 401k. - Pension. - Life and accidental death and dismemberment insurance. - Disability insurance. - Supplemental protection insurance. - 20 days of Paid Time Off each year. - Sick and Safe Time. - 10 paid company holidays. - Volunteer Time Off. - Paid parental leave. - EAP. - Well-being benefits, and other employee benefits. - Eligibility for receipt of these benefits is subject to the applicable plan/policy documents. - Thrivent’s plans/policies are subject to change at any time at Thrivent’s discretion.

Related Categories

Related Job Pages

More Application Engineer Jobs

Reltio logo

Staff Application Security Engineer

Reltio

Reltio is proud to be an equal opportunity workplace. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status.

Full TimeRemoteTeam 345Since 2011

Role Description As a senior individual contributor on the Application Security team, the Staff Application Security Engineer will help to define and drive Reltio’s application and product security architecture across a distributed, cloud-native SaaS platform. This role helps in the technical direction for securing how Reltio designs, builds, and ships software—helps to define the strategy and roadmap for secure SDLC, shift-left automation, and the secure adoption of API-driven and AI/agentic technologies. The Staff Application Security Engineer will partner with the Engineering, DevOps, Product, and Release Management teams to embed security as a foundational part of software design and delivery. The successful candidate will set standards, mentor and uplevel other security and engineering staff, lead complex threat modeling and architecture reviews, and develop novel techniques to identify and stop application- and AI-layer attacks—protecting Reltio’s intellectual property and customer data globally. Job Duties and Responsibilities - Security Architecture & Technical Leadership - Serve as the senior application security subject matter expert, providing guidance on industry best practices, secure design patterns, and defense-in-depth strategies for the product security architecture. - Helps to define and drive the overall application/product security architecture, vision, strategy, and roadmap across Reltio’s platform and services. - Influence engineering architecture and roadmap decisions without direct authority, driving risk-based consensus across teams. - Mentor and uplevel application security engineers and development teams, raising the secure-coding maturity of the broader organization. - Secure Development Lifecycle & Shift-Left - Embed security throughout the SDLC, from design through deployment, and define secure coding standards and best practices adopted across teams. - Drive shift-left initiatives by providing guidance, tooling, paved-road patterns, and remediation support that enable engineers to build securely from the outset. - CI/CD Pipeline Security - Design and implement security controls within CI/CD pipelines, enabling automated security testing and vulnerability detection at scale. - Operationalize SAST, SCA, DAST, and secrets scanning as policy-driven, low-friction gates; partner with release management on secure deployment checks and policy compliance. - Threat Modeling & Risk Assessment - Lead threat modeling sessions for complex, high-impact systems to identify and mitigate security risks early in design and architecture phases. - Perform technical risk assessments of new technology and ensure solutions meet secure architecture designs; assess, measure, and clearly communicate risk impact to stakeholders. - Vulnerability Management - Analyze and validate remediation of application security findings from SAST, SCA, DAST, API testing, penetration tests, and manual assessments. - Drive risk-based prioritization of fixes, reduce false positives, and provide clear, actionable remediation guidance with proper pre-release validation. - API Security - Partner with engineering to ensure secure API design and implementation; identify and mitigate authentication/authorization issues, data exposure, rate-limiting gaps, and OWASP API Top 10 risks. - AI & Agentic Security (Guardrails, MCP, LLM) - Helps to define AI security guardrails for Reltio’s AI and multi-agent platforms, addressing prompt/output validation, insecure model usage, data leakage, and tenant-isolation concerns. - Establish security standards for Model Context Protocol (MCP) servers and tools—covering tool authorization, scoping, and abuse prevention—and lead threat modeling of agentic workflows (autonomous tool use, indirect prompt injection, excessive agency). - Develop new and novel defense techniques to detect and stop advanced application- and AI-layer adversary tactics, and evaluate AI-assisted security tooling to scale detection and remediation. - Penetration Testing & Security Validation - Perform and oversee application, API, and AI/agent penetration testing; build and curate test payloads (including prompt-injection and guardrail bypass suites) and validate control effectiveness. - Training, Collaboration & Continuous Improvement - Deliver secure-coding, API, and AI-security guidance and hands-on support during code and design reviews. - Partner with DevOps, QA, Engineering, Product, and Release Management to integrate security requirements throughout development and release. - Stay current on emerging application, API, and AI/agentic security threats and continuously improve security processes, tooling, and overall posture. - Investigate security events and incidents leveraging security tooling, and support customer-facing security communications as needed. Qualifications - 8+ years of experience in application security or software development, including significant time in a cloud-native or SaaS environment. - Demonstrated technical leadership as a senior individual contributor: setting standards, driving cross-team initiatives, and influencing architecture without direct authority. - Hands-on experience with secure coding practices and modern application development; proficiency leading secure code reviews. - Strong understanding of cloud well-architected frameworks, application development, and deployment workflows. - Strong understanding of application security vulnerabilities (OWASP Top 10) and prevention strategies. - Strong understanding of API security principles and the OWASP API Top 10. - Experience integrating security into CI/CD and release management processes (e.g., Jenkins, ArgoCD, or similar). - Experience with application security testing methodologies—SAST, SCA, and DAST—integrated into CI/CD pipelines. - Experience with AI security concepts, including guardrails, prompt and output validation, data protection, and MCP security. - Hands-on experience with web technologies such as Java, Java Spring Boot, JavaScript, Node.js, C#, modern UI frameworks, microservices, and cloud-native/serverless architectures. - Experience with AWS, GCP, and/or Azure, and securing containerized environments and Kubernetes. - Hands-on experience with Burp Suite Pro for web and API testing. - Experience with modern application security platforms, with Wiz preferred (other AppSec tools acceptable). - Strong communication and presentation skills, with the ability to educate, collaborate, and drive risk-based consensus. - Self-starter with a history of driving technical initiatives; adaptable, agile, and effective in global, distributed teams. Skills That Are Nice to Have - Hands-on experience securing LLM applications and multi-agent systems, including agentic guardrail frameworks (e.g., NeMo Guardrails, AWS Bedrock Guardrails) and MCP gateway/tool security. - Experience building or operationalizing AppSec automation/orchestration (SAST/SCA/secrets + AI analysis) and defect-management integration (e.g., DefectDojo). - Experience with commercial AppSec/SCA platforms such as Wiz Code, Veracode, Checkmarx, Cycode, or SonarQube. - Experience developing and operationalizing a vulnerability management or product security program at scale. - Experience with industry frameworks such as SOC 2, HITRUST, or ISO 27001, and supporting audit/customer-assurance processes. - Applying ML/AI techniques to enhance security detection, anomaly identification, and automated risk prioritization. - Relevant security and cloud certifications. Compensation Overall Market Range: $114,000 — $240,000 USD Equal Opportunity Statement Reltio is proud to be an equal opportunity workplace. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. Reltio is committed to working with and providing reasonable accommodation to applicants with physical and mental disabilities.

United States
$114K - $240K / year
Monato logo

Application Security Engineer

Monato

Infraestructura financiera para tu empresa, escalable en un solo lugar.

Full TimeRemoteTeam 51-200Since 2024H1B No Sponsor

Role Description Buscamos un/a Application Security Engineer que encuentre y reporte vulnerabilidades en las aplicaciones, APIs, pipelines de CI/CD y sistemas de IA de Monato antes de que lo haga un atacante, para proteger la infraestructura de pagos B2B que usan nuestros clientes. Buscamos un/a Application Security Engineer para ser el owner del track Secure SDLC y de la validación ofensiva del programa de seguridad, asegurando que las vulnerabilidades críticas se detecten y remedien antes de llegar a producción, y contribuyendo a que Monato opere una plataforma de pagos confiable y segura en un entorno regulado. Tasks - Ejecutar pruebas de penetración sobre los aplicativos de Monato (Pagos, Finch, Conciliación y APIs internas y externas), cubriendo lógica de negocio, autenticación y OWASP Top 10, y coordinando pentests con proveedores externos. - Operar el programa de bug bounty, definiendo scope y reglas de engagement, haciendo triage de reportes y coordinando la remediación con los equipos de producto. - Construir el track Secure SDLC, integrando SAST, SCA, secret scanning, SBOM y firma de imágenes (Cosign + SLSA) en los pipelines de CI/CD para bloquear problemas antes del merge. - Evaluar la seguridad de los sistemas de IA y agentes, probando prompt injection, tool poisoning, RAG poisoning y abuso de workflows agénticos con base en OWASP LLM Top 10 y MITRE ATLAS. - Validar las detecciones del Blue Team, ejecutando simulaciones de TTPs del sector financiero (framework ATT&CK, BAS continuo) y ejercicios Purple Team con informe mensual de cobertura. - Producir threat models de los componentes críticos (pipeline de pagos, APIs externas, sistemas de IA), participando en revisiones de arquitectura y reportando al CISO el cumplimiento del Secure SDLC. Qualifications - 4+ años de experiencia en Application Security, Penetration Testing o Red Team, con enfoque en aplicaciones web, APIs y entornos cloud. - Experiencia ejecutando pruebas de penetración en aplicaciones financieras o de pagos: lógica de negocio, autorización y flujos de transacción. - Experiencia práctica atacando o evaluando sistemas que usan LLMs y agentes (prompt injection, jailbreaking, tool poisoning, data leakage), con OWASP LLM Top 10 y MITRE ATLAS como marcos de referencia. - Experiencia integrando SAST/SCA (Semgrep, CodeQL, Snyk o equivalente) y secret scanning (GitGuardian, TruffleHog) en pipelines de CI/CD con GitHub Actions o equivalente. - Dominio de Burp Suite Pro y scripting en Python para automatización de pruebas y análisis de resultados. - Conocimiento práctico de OWASP Top 10, OWASP API Security Top 10 y arquitecturas cloud (AWS) desde la perspectiva de un atacante. - Experiencia con herramientas de simulación adversarial: Atomic Red Team, Caldera, AttackIQ o SafeBreach. - Haber operado o participado activamente en un programa de bug bounty, desde el triage o el hunting. - Hallazgos críticos en sistemas de IA en producción (CVE, writeup o CTF), historial en HackerOne/Bugcrowd en fintech, o certificaciones OSCP, OSWE, BSCP, GWAPT o GPEN (nice to have). Benefits - Un rol con ownership real sobre el track Secure SDLC y la validación ofensiva del programa de seguridad. - Exposición directa a la infraestructura de pagos B2B en México y a la seguridad de sistemas de IA en producción. - Espacio para experimentar, proponer y construir. - Crecimiento profesional acelerado dentro de una fintech en etapa de construcción y escala. - Cultura de trabajo flexible y enfocada en ejecución.

Mexico
Prysmian logo

Applications Engineer

Prysmian

The world leader in energy and telecoms cable systems

Full TimeRemoteTeam 10,001+H1B Sponsor

• Providing technical support to Power Distribution customers in the Southeast United States • Working with territory sales managers to promote new and existing products • Assisting R&D in developing customer-centric new offerings and cost-savings opportunities • Providing technical responses to customer inquiries • Participating in major quotes and bids with key customers • Working with Design Engineering to provide product optimizations • Providing corrective action reports and responses to quality concerns • Participating in critical customer SRM meetings and customer scorecard reviews • Working closely with R&D to develop new products and cost-saving opportunities

Florida
Monato logo

Application Security Engineer

Monato

Infraestructura financiera para tu empresa, escalable en un solo lugar.

Full TimeRemoteTeam 51-200Since 2024H1B No Sponsor

• Ejecutar pruebas de penetración sobre los aplicativos de Monato (Pagos, Finch, Conciliación y APIs internas y externas), cubriendo lógica de negocio, autenticación y OWASP Top 10, y coordinando pentests con proveedores externos. • Operar el programa de bug bounty, definiendo scope y reglas de engagement, haciendo triage de reportes y coordinando la remediación con los equipos de producto. • Construir el track Secure SDLC, integrando SAST, SCA, secret scanning, SBOM y firma de imágenes (Cosign + SLSA) en los pipelines de CI/CD para bloquear problemas antes del merge. • Evaluar la seguridad de los sistemas de IA y agentes, probando prompt injection, tool poisoning, RAG poisoning y abuso de workflows agénticos con base en OWASP LLM Top 10 y MITRE ATLAS. • Validar las detecciones del Blue Team, ejecutando simulaciones de TTPs del sector financiero (framework ATT&CK, BAS continuo) y ejercicios Purple Team con informe mensual de cobertura. • Producir threat models de los componentes críticos (pipeline de pagos, APIs externas, sistemas de IA), participando en revisiones de arquitectura y reportando al CISO el cumplimiento del Secure SDLC.

Mexico