Rain

Security Engineer

Rain • $120K — $150K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • 4-8+ years in security engineering or app security with a solid record of securing applications.
  • Hands-on with tools like Semgrep, Burp Suite, Snyk for security analysis.
  • Understanding of web and API vulnerabilities, especially OWASP Top 10.
  • Experience in threat modeling and secure design reviews.
  • Knowledge of cloud security concepts and workload protection.
  • Strong collaborative mindset with engineers to develop security solutions.
  • Ability to independently address and remediate security risks.

Responsibilities

  • Lead application security assessments, including scans and code reviews.
  • Collaborate with product teams to drive remediation of security findings.
  • Integrate and scale security tools within CI/CD pipelines.
  • Develop application security standards to mitigate risks.
  • Conduct threat modeling for new features and APIs.
  • Work with Cloud & Infrastructure Security to align security controls.
  • Support incident response for application security events.

Benefits

  • Unlimited time off with a minimum requirement of 10 days.
  • Flexible working environment to suit individual productivity.
  • Comprehensive health, dental, and vision coverage for employees and dependents.
  • 401(k) plan with a 4% company match for retirement.
  • Equity options available for all employees.
  • Wellness spending supported with a company card for health-related purchases.
  • Opportunities for team summits and offsite gatherings.
Full Job Description
What You'll Do

As a Security Engineer with a focus on Application Security, you'll be a key contributor in embedding security into Rain's engineering lifecycle and supporting delivery of secure, trusted applications:
  • Lead application security assessments, including vulnerability scanning, code reviews, and threat modeling with engineering teams
  • Partner closely with product and development squads to drive remediation and help teams understand and resolve security findings efficiently
  • Integrate and scale automated security tooling across CI/CD pipelines (SAST, DAST, SCA, IaC) to shift security left
  • Develop and maintain application security standards, patterns, and guardrails that reduce risk and support rapid delivery
  • Drive threat modeling and risk assessments for new features, APIs, and services
  • Collaborate with Cloud & Infrastructure Security to align security controls across layers and support cloud-native security requirements
  • Support incident response for application-level security events and contribute to root-cause analysis and future mitigation strategies
  • Help build internal training and awareness programs to elevate secure coding and developer security literacy
  • Track and surface key security metrics, trends, and continuous improvement insights to leadership


What we're looking for
  • 4-8+ years of experience in security engineering, application security, offensive security, or secure software development; strong track record of securing modern applications
  • Hands-on experience with security tools such as Semgrep, Burp Suite, Snyk, Trivy, or similar for static, dynamic, and dependency security analysis
  • Solid understanding of web, API, and mobile security vulnerabilities (e.g., OWASP Top 10, API Top 10)
  • Experience driving or participating in threat modeling and secure design reviews
  • Familiarity with cloud concepts and securing cloud workloads
  • Collaborative mindset - you enjoy working closely with engineers to co-create practical security solutions
  • Practical understanding of SDLC and integrating security into development workflows
  • Ability to independently identify, prioritize, and drive remediation on critical findings
  • Experience balancing security risk with business and technical constraints
Nice to have, but not mandatory
  • Experience or exposure to runtime application protection (RASP) or advanced monitoring (e.g., eBPF-based tooling)
  • Experience with cloud security automation frameworks such as Security Hub remediations or DLP improvements
  • Security certifications like CISSP, CSSLP, OSCP, GWAPT, or similar
  • Familiarity with compliance frameworks like SOC 2, ISO 27001, OWASP SAMM and aligning controls
  • Prior experience in fintech, payments, or highly regulated environments
  • Exposure to API security tooling and design best practices


Things that enable a fulfilling, healthy, and happy experience at Rain:
  • Unlimited time off Unlimited vacation can be daunting, so we require Rainmakers to take at least 10 days off.
  • Flexible working We support a flexible workplace. If you feel comfortable at home, please work from home. If you'd like to work with others in an office, feel free to come in. We want everyone to be able to work in the environment in which they are their most confident and productive selves. New Rainmakers will receive a stipend to create a comfortable home environment.
  • Easy to access benefits For US Rainmakers, we offer comprehensive health, dental, and vision plans for you and your dependents, as well as a 100% company subsidized life insurance plan.
  • Retirement goalsPlan for the future with confidence. We offer a 401(k) with a 4% company match.
  • Equity plan 📦 We offer every Rainmaker an equity option plan so we can all benefit from our success.
  • Rain Cards 🌧 We want Rainmakers to be knowledgeable about our core products and services. To support this mission, we issue a card for our team to use for testing.
  • Health and Wellness High performance begins from within. Rainmakers are welcome to use their card for eligible health and wellness spending like gym memberships/fitness classes, massages, acupuncture - whatever recharges you!
  • Team summits Summits play an important role at Rain! Time spent together helps us get to know each other, strengthen our relationships, and build a common destiny. Expect team and company off-sites both domestically and internationally.

About Rain

Rain is a clothing brand that specializes in waterproof jackets. The company was founded in 2016 and is based in Vancouver, Canada. Rain's jackets are made from a waterproof and breathable fabric and are designed to be both functional and stylish. The company offers a range of jackets for men and women, as well as accessories such as hats and bags. Rain sells its products online and through select retailers.
Learn more about Rain
Size
10 employees
Industry
Founded
2017

Similar Jobs

More Jobs at Rain

  • Rain
    Solutions Architect
    $120K — $150K *
    New York, NY 10025 (New York County)
    Finance & Insurance
    In-Person
  • Rain
    Senior Product Manager
    $130K — $180K *
    New York, NY 10025 (New York County)
    Finance & Insurance
    In-Person
  • Rain
    People Operations Manager
    $90K — $130K *
    New York, NY 10025 (New York County)
    Business Services
    In-Person
  • Rain
    Solutions Engineer
    $100K — $150K *
    New York, NY 10025 (New York County)
    Enterprise Technology
    In-Person
  • Rain
    CISO
    $150K — $200K *
    New York, NY 10025 (New York County)
    Information Technology
    In-Person

More Information Technology Jobs

Find similar Security Engineer jobs: