Sr. Application Security Engineer

Your Role at Bolt

Bolt has created a best-in-class buying experience and made it available for all online businesses. With our help, retailers can eliminate the massive operational overhead and technical complexity associated with online checkout and payments, and consumers can buy instantly and securely across the internet. One by one, we’re rebuilding e-commerce infrastructure to make it less fragmented, less bloated, and more efficient. To solve such a large problem, we've put together an incredible team and are selectively growing it.

As an Application Security Engineer on our Security Engineering team, you will support our cloud infrastructure by developing tools, building services and providing consultative services to our engineering teams. You will be a key member safeguarding our users who trust Bolt. You will build tools and services (we use Python and Go). You’ll plan and carry out security measures to monitor and protect sensitive data and systems from infiltration and cyber-attacks.

What You Will Do:

  • Create services, tools and processes to manage the security of our applications
  • Perform regular security assessments
  • Identify and remediate weaknesses in our processes and procedures
  • Configure systems to comply with industry best practices and hardening standards
  • Prioritize, triage and remediate vulnerabilities and findings from system scans and bug bounty programs
  • Partner with the Software Engineering organization on security and privacy initiatives, leading security design reviews and threat modeling.
  • Partner with Software Engineering on security feature roadmaps.
  • Black-box and grey-box penetration testing, assessment, and code reviews
  • Research new attack vectors and techniques relevant to our space and present findings to both internal and external audiences.
  • Research known vulnerabilities and collaborate with engineers on the best ways to mitigate and reduce risk.
  • Participate in our incident response and vulnerability remediation efforts.
  • Evaluate external tooling, develop new automation and tooling.
  • Evolve SDLC to meet modern security threats and risks.
  • Develop lightweight processes to embed into Product Design and Software Engineering workflows.
  • Develop secure coding practices and train engineering teams.
  • Interface with customers' security teams when they are scoping and performing security assessments.


  • 3-5+ years work experience in an application security role.
  • 3+ years of experience with code reviews, pentesting, and threat modeling
  • Deep knowledge of the latest forms of security vulnerabilities, threats and exploits
  • Experience managing large initiatives and ability to wear multiple hats
  • Experience working with security vendors and doing software security reviews
  • Experience running bug bounty programs
  • Experience training engineers and others on security topics
  • Ability to work autonomously in a fast-paced, cross-functional environment, and comfort with ambiguity
  • Relevant development experience in multiple languages: Python, Java, JavaScript/TypeScript
  • In-depth experience identifying, protecting against, and exploiting web application and web service security vulnerabilities including those found in the OWASP Top 10 and CWE Top 25.
  • Strong understanding of risk evaluation and application security vulnerability management processes.