Staff Application Security Engineer

Staff Application Security Engineer Join LEDN as a full‑time Staff Application Security Engineer. The Opportunity We are seeking a full‑time Staff Application Security Engineer with deep expertise in Application Security, Identity & Access Management, and Confidential Computing to strengthen the security of our Bitcoin‑backed loan platform. Security is fundamental to protecting our customers and business, and this role will drive both tactical improvements and long‑term strategy for securing our applications and authentication systems. You’ll work across our JavaScript/TypeScript services, AWS serverless stack (Lambda, API Gateway, Cognito, SNS, SQS), MongoDB, and Kubernetes microservices, and take ownership of evolving our authentication layer toward modern, phishing‑resistant approaches. In addition, you’ll design and operate AWS Nitro Enclaves to protect critical data and cryptographic operations in isolated, verifiable environments. Application Security : Lead secure design and code reviews, enforce secure coding practices, automate vulnerability detection (SAST, SCA, DAST), conduct threat modeling, partner with engineers to remediate vulnerabilities. Authentication & Identity : Own the roadmap for authentication and identity, enhance Cognito‑based architecture with stronger MFA solutions (WebAuthn, passkeys, hardware tokens), define secure session management and account recovery. Confidential Computing (AWS Nitro Enclaves) : Design enclave‑based architectures, integrate Nitro Enclaves with KMS, migrate high‑value operations into enclave environments, ensure compliance, auditability, resilience. Additional Security Domains : Harden AWS services with least‑privilege IAM, improve Kubernetes security posture, deploy SIEM framework with detection rules and playbooks, support compliance initiatives (SOC 2, ISO 27001). What You Bring 10+ years of proven experience in Application Security focusing on web and cloud‑native applications. Strong knowledge of JavaScript/TypeScript/Golang/Python and modern web vulnerabilities (OWASP Top 10, auth bypasses, business logic flaws). Expertise with AWS security best practices, particularly serverless architectures. Hands‑on experience with AWS Nitro Enclaves for confidential computing. Deep understanding of authentication and authorization standards (OAuth2, OIDC, WebAuthn, FIDO2). Practical experience with Cognito / Auth0 (MFA, custom flows, secure session handling). Background in SIEM design and log correlation across cloud and application layers. Familiarity with Kubernetes security (RBAC, pod security, admission controls, image scanning). Experience with secure code review. Understanding of software supply chain and Linux internals. Strong communication and collaboration skills. Nice to Haves Familiarity with Bitcoin custody and key management practices. Knowledge of Infrastructure as Code security (Terraform, AWS CDK). Prior work on user‑facing security features such as passwordless authentication, recovery flows, or device trust. Culture Fit Passion for progress, adaptability, and resilience in a high‑growth, fast‑paced environment. Builder's mindset, excited to create, iterate, and scale IS practices. Collaborative partner with empathy and clarity. Integrity and accountability, especially when managing confidential information. Experience working remotely. A Taste of What We Provide Comprehensive total rewards package starting on day one. Competitive paid time off. Ownership opportunity and shared equity. Remote‑first environment: work anywhere worldwide for up to 180 days (subject to restrictions). Career purpose and growth opportunities. We are an equal‑opportunity employer. We pride ourselves on inclusivity, diversity, and success that comes from diversity. We welcome accommodation requests throughout the recruitment process, and will address them confidentially. #J-18808-Ljbffr