Application Security Engineer bei AtoB

Our mission

The trucking and logistics industry provides the backbone of the economy. But the payments infrastructure on which it runs is broken. For the hard-working men and women of this sector, the existing suite of payment tools is outdated, difficult to use, prone to fraud, and saddled with shady fee structures. The incumbent players in this space often overlook the economic and practical needs of this user base.

We're changing that. AtoB is building Stripe for Transportation — modernizing the payments infrastructure for trucking and logistics. Supply chains rely on the timely movement of capital to function efficiently. Our end game is a world in which that capital movement occurs fairly, smoothly, and without delay. As we pursue that end game, we aim to center our customers in every way — offering them world-class customer experience and building products that work with and around the unique constraints of their daily lives. We build for fleet managers in the office and drivers on the road. We strive for products that are efficient, satisfying, and useful. Our customers enable our modern economy — they deserve it.

Our history and background

Our founding team has backgrounds in payments, working on autonomous vehicles at Cruise Automation, leading ops and growth for Uber, and building apps that were featured on the Apple app store. We have staff and senior engineers from Google, Uber, Meta, Shopify, Stripe, Chime, and other leading technology companies.

We have raised $125 million+ from investors such as General Catalyst, Elad Gil, Bloomberg Beta, Y Combinator, XYZ; founders and CEOs of companies such as Google (Eric Schmidt), Salesforce (Marc Benioff), Coinbase (Brian Armstrong), DoorDash (Tony Xu), Instacart, Gusto; strategic investors like Mastercard, Flexport and Samsara.

We were named to Forbes annual Next Billion-Dollar Startup List, and have just recently been selected to join the World Economic Forum as a Global Innovator.

AtoB is looking to hire a dedicated Application Security Engineer. You’ll join a small security team, working cross-functionally with backend, frontend, DevOps, product, and compliance teams to push security forward in every part of our stack.

What You’ll Do

• Design and implement security tooling, automation, and processes to support secure development, deployment, and operations

• Perform threat modeling, design reviews, and security assessments (API, web, mobile, microservices)

• Conduct secure code reviews, dynamic and static application security testing, and penetration testing

• Work closely with engineering teams to remediate identified security issues, embed secure practices in SDLC, and strike the balance between speed and safety

• Investigate and respond to application-level security incidents or suspicious behavior

• Help define and enforce security standards, policies, and best practices across the engineering organization

• Maintain and improve application security infrastructure: e.g. vulnerability scanners, SAST/DAST tools, secrets management, dependency scanning, WAF configuration, RASP, etc.

• Stay abreast of new threats, vulnerabilities, and relevant industry practices; share knowledge (e.g. internal training, security guilds, writing blog posts)

What We’re Looking For

• 4+ years of experience securing web and/or API-based applications in a production setting

• Hands-on experience with static analysis (SAST), dynamic analysis (DAST), interactive application security testing (IAST) or similar tools

• Experience performing manual code reviews in languages like Java, Python, Go, JavaScript/TypeScript, or others used at Atob

• Understanding of common web / API vulnerabilities (OWASP Top 10, API abuses, SSRF, injection, XSS, deserialization, etc.)

• Familiarity with authentication & authorization mechanisms (OAuth2/OIDC, JWT, session management, RBAC, etc.)

• Experience integrating security into a CI/CD pipeline (GitHub Actions, GitLab CI, Jenkins, CircleCI, etc.)

• Working knowledge of cloud platforms (AWS, GCP, Azure) and container/orchestration (Docker, Kubernetes)

• Strong problem-solving skills, ability to operate in ambiguity and drive security outcomes in fast-moving teams

• Excellent communication skills — you’ll partner and negotiate with engineers, product, and leadership