New RJRP now shows Market-Observed Roles alongside verified postings — scored by our Hiring Activity algorithm. How it works →
🔍
Market-Observed Role 🔍 Observed Very Active (80-100)
This role was detected through Chime's hiring system and hasn't been verified directly by the employer. Our algorithm scored it as Very Active (80-100) based on freshness, specificity, and company patterns. What does this mean? →

Senior Application Security Engineer

Chime
🔍 Observed
81
Hiring Activity Score
Very Active (80-100)
  • Base score
  • Posted 1 days ago
  • has location, quality description (12435 chars)
  • 61 new listings in 30d (×0.98 age 1d)
  • 4 skills
  • High confidence (90%)
  • Direct ATS (greenhouse)
How the Hiring Activity Score works →
Remote, USA; San Francisco, CA, USA First seen 1 day, 4 hours ago Last seen 4 hours, 54 minutes ago Greenhouse
Apply on Greenhouse Search Google for This Role

ATS links often expire — Google search finds the latest posting

Job Description

About the role

We are looking for a Sr. Full Stack Application Security Engineer with deep expertise in mobile application security to join our Product Security team. This role is hands-on and impact driven. You will work directly with mobile, backend, and platform engineering teams to identify, prevent, and remediate security issues across our iOS, Android, API, and backend systems.

You will operate close to the code and close to the product. That means reviewing architectures across the stack, influencing secure design decisions early, and helping teams ship features safely without slowing delivery. This role is for someone who understands how modern distributed systems and mobile apps are built, deployed, and attacked in real-world environments.

While mobile application security is a core focus, you will be part of a team that owns security posture across the full application stack including APIs, backend services, identity and authentication flows, and CI/CD pipelines.

The base salary offered for this role and level of experience will begin at $213,000 and up to $295,000. Full-time employees are also eligible for a bonus, competitive equity package, and benefits. The actual base salary offered may be higher, depending on your location, skills, qualifications, and experience. 

In this role, you can expect to

  • Build and improve security capabilities, automation, and guardrails for mobile applications and backend/API services
  • Perform application or API/backend penetration testing 
  • Identify, triage, and help remediate vulnerabilities across Chime products
  • Partner closely with engineering and product teams to embed security into the development lifecycle across mobile apps, APIs, and backend services
  • Perform architecture and code reviews across the stack (iOS/Android, APIs, backend) with a focus on secure data storage, authentication, authorization, secure communication, and session/token handling
  • Leverage AI to accelerate security workflows (e.g., code review support, triage, threat modeling), and partner with teams building AI-enabled features to define and implement production-grade AI security controls 

To thrive in this role, you have

  • 5+ years of experience in application security, with strong hands-on experience across both mobile and backend systems 
  • Hands on experience securing iOS and Android applications in production environments
  • Strong understanding of mobile threat models and common attack techniques
  • Experience with mobile security testing techniques, including static and dynamic analysis
  • Familiarity with iOS and Android platform security features and limitations
  • Practical coding experience, preferably in Ruby, Go, Python  languages
  • Ability to clearly communicate security risks, tradeoffs, and remediation guidance to engineering partners

#LI-Hybrid #LI-JL1

A little about us

At Chime, we believe that everyone can achieve financial progress. We created Chime—a financial technology company, not a bank*—on the premise that core banking services should be helpful, easy, and free. Through our user-friendly tools and intuitive platforms, we empower our members to take control of their finances and work towards their goals. Whether it's starting a savings account, purchasing a first car or home, launching a business, or pursuing higher education, we're proud to have helped millions unlock their financial potential.

We're a team of problem solvers, dreamers, and builders with one shared obsession: our members. From day one, Chimers have worked tirelessly to out-hustle and out-execute competitors to bring our mission to life. Their grit and determination inspire us to work harder every day to deliver the very best experience possible. We each bring an owner's mindset to our work, refusing to be outdone and holding ourselves accountable to meet and exceed the highest bars for our teams, our company, and our members.

We believe in being bold, dreaming big, and taking risks, while also working together, embracing our diverse perspectives, and giving each other honest feedback. Our culture remains deeply entrepreneurial, encouraging every Chimer to see themselves as stewards of our mission to help everyday Americans unlock their financial progress. 

We know that to achieve our mission, we must earn and keep people's trust—so we hold ourselves to the highest standards of integrity in everything we do. These aren't just words on a wall—our values are embedded in every aspect of our business, serving as a north star that guides us as we work to help millions achieve their financial potential.

Because if we don't—who will?

*Chime is a financial technology company, not a bank. Banking services provided by The Bancorp Bank, N.A. or Stride Bank, N.A., Members FDIC.

What we offer for our full-time, regular employees

  • 🏢 Our in-office work policy is designed to keep you connected - with four days a week in the office and Fridays from home for those near one of our offices, plus team and company-wide events depending on location. Whether you’re coming in regularly or are part of our fully remote program, you’ll stay engaged with your work and teammates.
  • 💻 In-office perks including backup child, elder, and/or pet care, plus a subsidized commuter benefit to support your regular commute
  • 💰 Competitive salary based on experience
  • ✨ 401k match plus great medical, dental, vision, life, and disability benefits
  • 🏝 Generous vacation policy and company-wide Chime Days, bonus company-wide paid days off
  • 🫂 1% of your time off to support local community organizations of your choice
  • 👟 Annual wellness stipend to use towards eligible wellness related expenses
  • 👶 Up to 24 weeks of paid parental leave for birthing parents and 12 weeks of paid parental leave for non-birthing parents
  • 👪 Access to Maven, a family planning tool, with $15k lifetime reimbursement for egg freezing, fertility treatments, adoption, and more.
  • 🎉 In-person and virtual events to connect with your fellow Chimers—think cooking classes, guided meditations, music festivals, mixology classes, paint nights, etc., and delicious snack boxes, too!
  • 💚 A challenging and fulfilling opportunity to join one of the most experienced teams in FinTech and help millions unlock financial progress

We know that great work can’t be done without a diverse team and inclusive environment. That’s why we specifically look for individuals of varying strengths, skills, backgrounds, and ideas to join our team. We believe this gives us a competitive advantage to better serve our members and helps us all grow as Chimers and individuals.

Chime is proud to be an Equal Opportunity Employer. We consider qualified applicants without regard to race, color, ancestry, religion, sex, national origin, sexual orientation, gender identity, age, marital or family status, disability, genetic information, veteran status, or any other legally protected basis under provincial, federal, state, and local laws, regulations, or ordinances. We will also consider qualified applicants with criminal histories in a manner consistent with the requirements of state and local laws, including the San Francisco Fair Chance Ordinance, Cook County Ordinance, NYC Fair Chance Act, and the LA City Fair Chance Ordinance, and consistent with Canadian provincial and federal laws. If you have a disability or special need that requires accommodation during any stage of the application process, please contact: benefits@chime.com.

To learn more about how Chime collects and uses your personal information during the application process, please see the Chime Applicant Privacy Notice.

Skills

rust python aws go
Quick Actions
Apply Externally Search Google Back to Jobs
Job Information
  • Company:
    Chime
  • Location:
    Remote, USA; San Francisco, CA, USA
  • Job Type:
    Full-Time
  • Work Location:
    Remote
  • Experience Level:
    Senior
  • Source:
    Greenhouse
  • Status:
    Active
Activity Score
81 /100
Very Active (81)

Higher scores indicate more likely active hiring based on listing freshness, company activity, and other signals. Learn more →

More from Chime
+
🔍

We now show two types of job listings

Same commitment to real jobs. More opportunities for you. Here's how it works.

✓ Verified Employer-Verified Posts

These jobs were posted directly to RJRP by the employer. The company has been verified through our multi-step process. This is our gold standard — the employer is real, the job is real, and you can apply with confidence.

✓ 100% employer verified
🔍 Observed Market-Observed Roles

These roles were detected through employer hiring systems like Workday. They haven't been verified by the employer directly, so we score each one using our Hiring Activity Score — an algorithm that analyzes freshness, specificity, company hiring patterns, and more to estimate whether the role is actively being filled.

📊 Only high-scoring listings are shown

Our promise hasn't changed. We will never show you a listing we can't stand behind. Market-observed roles must pass our scoring threshold before they appear on RJRP. Anything that looks like a ghost job, a talent pipeline, or a dead listing gets filtered out — you'll never see it.