Senior Application Security Engineer

RevenueCat Inc.

Job Overview

Location

APAC

Job Type

Full-time

Full Job Description

📋 Description

• As a Senior Application Security Engineer at RevenueCat, you will play a critical role in safeguarding a platform that processes over $10B in annual purchase volume and powers monetization for more than 40% of newly shipped subscription apps globally. Your work will directly protect hundreds of millions of end-users and enable developers—from indie creators to teams at OpenAI—to securely grow their revenue without compromising speed or innovation.
• You will partner with engineering, product, and infrastructure security teams to embed security into the fabric of RevenueCat’s fast-shipping culture, ensuring that security keeps pace with innovation through automation, framework development, and proactive risk mitigation rather than acting as a bottleneck.
• Day to day, you will:
• Conduct security code and system reviews, threat modeling, and risk assessments for both mobile SDKs (iOS/Android) and backend services (Python), identifying vulnerabilities and recommending remediation strategies aligned with secure coding best practices.
• Support the Bug Bounty program by triaging, prioritizing, and validating reports, collaborating with engineers to reproduce and fix issues, and using insights to improve security foundations and developer education.
• Design, build, and promote automated security tooling (including SAST, DAST, and dependency scanning) integrated into CI/CD pipelines to shift security left and make secure development the default, low-friction choice for engineers.
• Collaborate with infrastructure security to harden cloud environments, assess configuration risks, and ensure secure architecture patterns are followed across services and APIs.
• Research emerging threats, particularly those related to AI-assisted development (e.g., prompt injection, MCP vulnerabilities), and develop guardrails, guidelines, or tooling to safely adopt LLMs and AI coding assistants in product development.
• Mentor and advise engineering teams on secure design principles, create reusable security frameworks (e.g., input validation, authentication, encryption patterns), and drive adoption through documentation, workshops, and pair programming.
• RevenueCat is a remote-first, values-driven company of 120+ people across 25 countries, guided by Customer Obsession, Always Be Shipping, Own It, and Balance. You’ll join a collaborative, high-trust environment where ownership is encouraged, experimentation is valued, and your impact scales globally through the apps and developers that rely on our platform.
• In this role, you will deepen your expertise in application security across mobile and cloud ecosystems, become a trusted advisor on AI-related security risks, and have the autonomy to initiate and lead impactful projects that shape RevenueCat’s long-term security posture—positioning you as a go-to expert and potential leader in application security within a high-growth, mission-driven tech company.

🎯 Requirements

• Deep understanding of common security flaws in web and mobile app environments, with proven experience identifying and mitigating vulnerabilities through code review and threat modeling.
• Hands-on experience with security tools and services, including SAST, DAST, proxies, and dependency scanners, and a track record of integrating them into development workflows.
• Proven experience securing mobile SDKs (iOS/Android) and backend services (Python), including knowledge of secure communication, data storage, and API protection.
• Familiarity with emerging AI security risks such as prompt injection, malicious code generation, and MCP vulnerabilities, with motivation to develop safeguards for AI-assisted development.
• Proactive mindset: ability to anticipate needs, own problems end-to-end, and drive solutions through automation, framework-building, and cross-team collaboration.
• Agile and iterative approach: comfort with fast-paced environments, rapid prototyping, and pivoting based on impact and feedback.

🏖️ Benefits

• Fully remote work with flexible hours, enabling you to work from anywhere in the APAC region while collaborating across global time zones.
• Competitive salary and equity package, reflecting the seniority and impact of the role within a high-growth, YC-backed company.
• Generous time-off policy, including vacation, sick leave, and company-wide recharge days to support work-life balance and prevent burnout.
• Annual learning and development stipend to pursue certifications, courses, conferences, or books related to security, AI, or professional growth.
• Access to cutting-edge tools and technologies, including AI coding assistants and modern security platforms, to experiment and innovate in your work.
• Inclusive, values-driven culture that emphasizes psychological safety, ownership, and continuous improvement, with regular team offsites and virtual events to foster connection.

Skills & Technologies

Python

iOS

Android

Senior

Remote

Ready to Apply?

Apply Externally

You will be redirected to an external site to apply.

RevenueCat Inc.

Visit Website

About RevenueCat Inc.

RevenueCat provides a subscription management and in-app purchase infrastructure platform for mobile and web applications. The company offers SDKs, APIs, and dashboards that enable developers to implement, analyze, and optimize subscriptions across iOS, Android, and web platforms. Its services include real-time revenue tracking, customer lifecycle management, pricing experiments, and integrations with third-party analytics and attribution tools. RevenueCat serves individual developers, startups, and large enterprises seeking to streamline subscription billing, reduce churn, and grow recurring revenue without maintaining complex backend systems.

View Company Profile

Get more remote jobs like this

Subscribe to the weekly newsletter for similar remote roles and curated hiring updates.

Weekly remote jobs and featured talent.

No spam. Only curated remote roles and product updates. You can unsubscribe anytime.