Application Security Engineer

About Uphold

The Web3 economy will redefine how financial value is managed and exchanged - with much of this activity shifting towards blockchain networks and digital assets.

Founded in 2013, Uphold is a Web3 financial platform that supports almost 300 digital assets, serving as a Regulated Gateway to the Web3 economy.

With integrations with 27 blockchain networks and a robust trading engine connected to 30 underlying venues, the Uphold platform enables users to trade ‘Anything-to-Anything’ with competitive pricing and deep liquidity.

To date, Uphold has facilitated over 120 million transactions worth $40 billion, serving 10 million customers across 150+ countries.

Uphold strips away the complexity and lack of transparency to open up Web3 finance for everyone.

To learn more about Uphold, please visit https://uphold.com.

The opportunity:

Uphold is looking for an Application Security Engineer to join our Cyber Security team and play a key role in strengthening the security posture of our software development lifecycle. This role requires close collaboration with development teams to enhance the triage process, refine security workflows, and ensure security insights lead to tangible improvements.

You'll be actively involved in sprint planning meetings, integrating security into the development pipeline to ensure that critical vulnerabilities are identified, assessed, and addressed effectively. A key focus will be on implementing security quality gates and optimizing security feedback loops, ensuring every release meets high security standards without disrupting development velocity.
This is an opportunity to make a real impact, working in an environment where security is not just a compliance requirement but an integral part of building resilient and high-quality applications.

What you'll be doing primarily:

• Refining the security triage process, ensuring vulnerabilities are assessed and prioritized based on real-world risk impact.
  
• Working closely with development teams to embed security into sprint planning and development workflows.
  
• Implementing quality gates in CI/CD pipelines to align security findings with development cycles.
  
• Tuning and optimizing security tooling, including SAST, SCA, secrets scanning, and the vulnerability management process.
  
• Conducting deep code reviews and proof-of-impact PoCs to validate and prioritize security issues.
  
• Providing actionable remediation paths, ensuring security issues are resolved efficiently.
  
• Continuously improving security workflows and aligning them with product and engineering priorities.
  
• Staying ahead of evolving threats and adapting security processes to mitigate risks proactively.
  

Required qualifications:

• Experience integrating security tools into CI/CD pipelines.
  
• Strong understanding of SAST, SCA, secrets scanning, and vulnerability management programs.
  
• Experience triaging security findings, prioritizing risks, and validating security impact.
  
• Comfortable working directly with developers in sprint planning meetings to align security with development workflows.
  
• Experience defining security quality gates to improve overall software security posture.
  
• Strong problem-solving skills with a practical and developer-friendly approach to security.

Bonus if you have:

• Strong problem-solving skills with a practical and developer-friendly approach to security.
• Bachelor’s or Master’s degree in Computer Science, Software Engineering, Cyber Security, or a related field.
  
• 3+ years of hands-on coding experience in Python, JavaScript, Go, or other modern programming languages.
  
• Bug bounty findings or contributed to responsible vulnerability disclosures.
  
• Community talks, certifications, and/or blog posts on your interests and research.
  
• Open source project contributions of any kind, such as tools developed to solve specific problems you’ve had or fixing issues on
• existing projects.
  
• Relevant Security Certifications (e.g. OSWE, CDP)

What we have to offer you:

• Security-Driven Development Culture: Work in an environment where security is deeply integrated into engineering.
• Innovation and Impact: Contribute to pioneering projects in a dynamic and challenging environment.
• Competitive Compensation: Stock options, performance bonuses, and comprehensive benefits on top of a competitive salary.
• Strong Company Culture: Thrive in a supportive, collegiate environment with values of integrity, teamwork, accountability, and excellence.
• Global Collaboration: Participate in regular updates, strategy sessions, and networking opportunities across the group.
• Development Opportunities: Access training and mentorship programs.
• Flexibility: Enjoy options to work from home, other locations, or adjust your hours.

Benefits:

• Annual bonus program based on individual, team and company performance.
  
• Home office stipend for a productive setup.
  
• Generous PTO, healthcare, and employee assistance programs.
  
• Engaging events and celebrations.
  
• Well-stocked office kitchen with a foodie culture.

Join our team and embark on a fulfilling career where you'll have the opportunity to grow, innovate, and contribute to something meaningful. Come and be a part of our talented team!

If this job isn’t exactly what you are looking for, visit our careers page to check out all our exciting opportunities.

EEOC Employer

We're proud to be an Equal Opportunity Employer and we celebrate our employees' differences, including race, color, religion, gender identity, national origin, age, military service eligibility, veteran status, sexual orientation, marital status, disability, and any other protected classes. Difference makes us stronger and better - together.