
Posted 1 day ago
Application Security Engineer
Pittsburgh | On-site | Full-time
About this role
About Wolfe
Recognized among Pittsburgh's 2024 Top Workplaces and Fastest-Growing Companies, Wolfe has been a leader in the Gift Card and FinTech sectors for over 25 years. We partner with national brands such as Pizza Hut, KFC, Pandora Jewelry, Kendra Scott, Wawa, Journeys and others to manage their gift card programs. Our flagship consumer brand, PerfectGift.com, enables customers to create customized gift cards. We are a fast-paced environment, like kayaking down a white-water river, not canoeing on a lake.
About The Role
Wolfe is a Pittsburgh-based FinTech company building the next generation of financial products, and we are actively embedding AI across our product, our internal processes, and the way our teams work day-to-day. As an Application Security Engineer, you'll work hands-on alongside developers and DevOps engineers to build security into how we ship software — reviewing code, improving AI agent behaviors, hardening CI/CD pipelines, and helping teams find and fix vulnerabilities across application code, containers, and cloud infrastructure. This role is built for growth: whether you're a developer moving into security or an early-career security engineer expanding into application security, you'll learn enterprise security tooling — including AI/ML and LLM-powered tools — with support to earn certifications and grow alongside a security team that mentors in person.
We're looking for candidates who are enthusiastic about an in-office culture. This is a 5-day onsite role in Pittsburgh, PA.
Key Responsibilities
- Perform code reviews, SAST/DAST testing, basic penetration tests, and basic threat modeling, and work with developers to remediate vulnerabilities across application code, libraries, containers, and infrastructure as code.
- Integrate and run automated security tooling (such as Snyk, Semgrep, or Cycode) within CI/CD pipelines across code repositories (such as GitHub, GitLab, Jenkins, or AWS DevOps), and help automate findings triage and reporting.
- Manage a vulnerability management program, vulnerability scanning tools and the enterprise Bug Bounty program, tracking and prioritizing remediation against defined SLAs.
- Help operate and improve Bot Management, WAF, secrets management, and API security controls across Wolfe's applications.
- Apply and promote secure coding standards aligned to OWASP and SANS CWE Top 25, and contribute to measuring DevSecOps maturity using a framework such as DSOMM or BSIMM.
- Partner with developers, security operations, product management, and incident response teams, sharing secure-coding and vulnerability-management practices as you grow your own expertise.
Impact Statement
For more clarity on the role, below are the success metrics and measurements for this role in the first 90 to 120 days:
- Update the existing Application Security Strategy and improve monitoring and reporting on KPIs.
- Make a significant improvement to at least one automated security tool (DAST, SAST, SCA, or container scanning) in the production CI/CD pipeline, with results feeding a documented triage workflow.
- Drive additional Bug Bounty submissions and improve bot management tuning and protections prior to the end of Q3.
- Provide product and technology advisement and testing for new application and AI functionality.
- Develop and plan a purposeful Application and AI development training program.
Skills, Knowledge & Expertise
- 2+ years of experience in application security, DevSecOps, or software development with security exposure — including developers looking to move into a dedicated security role — plus a Bachelor's in Information Security, Cybersecurity, Computer Science, or a related field (equivalent experience accepted in lieu of a degree).
- A real coding background and working knowledge of secure coding principles (OWASP Top 10, SANS CWE Top 25).
- Some hands-on exposure to CI/CD pipelines (GitHub, GitLab, Jenkins, or AWS DevOps) and an interest in integrating security tooling into them.
- Strong verbal and written communication skills, with the ability to explain security concepts to both technical and non-technical teammates.
- Eagerness to learn enterprise security tooling (vulnerability scanners, Bot Management, SAST/DAST/SCA) and maturity frameworks like DSOMM or BSIMM — deep prior experience with these is a plus, not a requirement.
- No certifications required; experience with CISSP, OSCP, GCSA, AWS Security Specialty, or CSSLP is a plus, and we'll support you in earning them.
Benefits
Wolfe is committed to providing a comprehensive benefits package to support your well-being, along with competitive compensation. Our benefits and perks include, but are not limited to:
- Restricted Stock Units (RSUs)
- Profit Share and/or Incentive Bonus
- Medical, Prescription, Vision, and Dental insurance for employees and dependents (Wolfe pays 80% of premium)
- Short-Term Disability Insurance (Wolfe pays 100% of premium)
- Voluntary Long-Term Disability Insurance, Life Insurance, Critical Illness Insurance, Accident Insurance, and Hospital Indemnity coverage
- PTO (vacation and sick time)
- Corporate Holidays and Floating Holidays
- 401(k)
- Employee recognition program
- Charitable Donation to a charity of your choice yearly
- Employee Referral Bonus
- Tuition Reimbursement
- Internal Training and Information sessions
- Family Picnic, Holiday Party, and other outings
- Internal Culture Club