Application Security Engineer
United States (Remote)
Fetch
With Fetch, you can get free gift cards simply for shopping, snapping all your receipts and playing games on your phone! Try our rewards app today.
What we’re building and why we’re building it.
Every month, millions of people use America’s Rewards App, earning rewards for buying brands they love – and a whole lot more. Whether shopping in the grocery aisle, grabbing a bite at the drive-through or playing a favorite mobile game, Fetch empowers consumers to live rewarded throughout their day. To date, we’ve delivered more than $1 billion in rewards and earned more than 5 million five-star reviews from happy users.
It’s not just our users who believe in Fetch: with investments from SoftBank, Univision, and Hamilton Lane, and partnerships ranging from challenger brands to Fortune 500 companies, Fetch is reshaping how brands and consumers connect in the marketplace. When you work at Fetch, you play a vital role in a platform that drives brand loyalty and creates lifelong consumers with the power of Fetch points. User and partner success are at the heart of everything we do, and we extend that same commitment to our employees.
Ranked as one of America’s Best Startup Employers by Forbes for two years in a row, Fetch fosters a people-first culture rooted in trust, accountability, and innovation. We encourage our employees to challenge ideas, think bigger, and always bring the fun to Fetch.
Fetch is an equal employment opportunity employer.
Position Overview:
Fetch is seeking a versatile and motivated Security Application Engineer to join our Information Security team. The Security Application Engineer will serve as the bridge between development, operations, and Information Security, ensuring the design, development, and deployment of secure applications across Fetch’s technology landscape.
Responsibilities:
Secure Software Development:
- Collaborate with engineering and product teams to incorporate security principles throughout the software development process. This includes ensuring that security considerations are addressed during planning, design, implementation, and deployment stages.
- Conduct and facilitate secure code reviews, analyzing code for vulnerabilities and providing actionable, prioritized recommendations for remediation.
- Guide teams in implementing secure coding practices, such as input validation, proper error handling, and adherence to standards (OWASP Top 10, SANS CWE).
Application Security Assessments:
- Perform and consult on application security testing, including static analysis (SAST), dynamic analysis (DAST), and manual penetration testing of applications.
- Identify and assess vulnerabilities, risks, and gaps in Fetch's applications. Work with developers to triage vulnerabilities and ensure timely resolution.
Security Tools Integration:
- Develop and integrate security tools into CI/CD pipelines (DevSecOps) to automate security checks.
- Maintain and enhance security tools, including SAST, DAST, and open-source vulnerability scanners.
Threat Modeling & Risk Assessments:
- Conduct threat modeling and security reviews of applications and systems.
- Develop and communicate strategies for mitigating identified risks early in the development cycle.
Incident Response & Vulnerability Management:
- Respond to security incidents involving application vulnerabilities.
- Assist in root cause analysis, remediation planning, and implementation to prevent reoccurrence.
Training and Awareness:
- Educate and train developers and teams on secure coding practices, security frameworks, and emerging threats.
- Foster a security-first culture, encouraging secure design and development practices.
Stay Current with Trends:
- Stay up-to-date with the latest application security tools, techniques, and threat landscapes.
- Continuously improve security processes, practices, and tools based on industry standards and lessons learned.
Qualifications:
- Strong problem-solving and critical thinking skills.
- Excellent communication and ability to translate technical security findings into actionable insights for non-technical teams.
- Strong collaboration and relationship-building skills to work effectively with developers, operations, and business stakeholders.
- Ability to thrive in a fast-paced and agile environment, adapting to changing priorities.
- Proficiency in programming languages such as Python or Go.
- Strong understanding of secure coding practices and application security frameworks (OWASP Top 10, SANS CWE).
- Experience with static and dynamic application security testing (SAST/DAST) tools.
- Hands-on experience implementing security in CI/CD pipelines (DevSecOps).
- Solid understanding of web application architecture (APIs, microservices, authentication mechanisms).
- Experience building and deploying security solutions in AWS or other cloud environments.
- Familiarity with security automation tools.
- Proven understanding of container security (Docker/Kubernetes).
- Knowledge of cloud platforms like AWS (IAM, security groups, encryption) and their security best practices.
- Familiarity with penetration testing tools (Burp Suite, ZAP) and vulnerability management platforms.
- JFrog Xray, GitHub Actions
- Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent work experience).
- 3+ years of experience in application security or a related role.
- Relevant certifications such as CISSP, CEH, OSCP, GWAPT, or CSSLP are a plus.
At Fetch, we'll give you the tools to feel healthy, happy and secure through:
- Equity for everyone
- 401k Match: Dollar-for-dollar match up to 4%.
- Benefits for humans and pets: We offer comprehensive medical, dental and vision plans for everyone including your pets.
- Continuing Education: Fetch provides ten thousand per year in education reimbursement.
- Employee Resource Groups: Take part in employee-led groups that are centered around fostering a diverse and inclusive workplace through events, dialogue and advocacy. The ERGs participate in our Inclusion Council with members of executive leadership.
- Paid Time Off: On top of our flexible PTO, Fetch observes 9 paid holidays, including Juneteenth and Indigenous People’s Day, as well as our year-end week-long break.
- Robust Leave Policies: 20 weeks of paid parental leave for primary caregivers, 14 weeks for secondary caregivers, and a flexible return to work schedule. $2000 baby bonus.
- Flexible Work Environment: Collaborate with your team in one of our stunning offices in Madison, Birmingham, or Chicago. We’ll ensure you are equally equipped with the hardware and software you need to get your job done in the comfort of your home.