Senior Application Security Engineer

[Company name's disclosed] is a payment platform that drives payment optimisation and stability. Our company is a full-stack payment ecosystem includes a range of financial technology products and solutions. Our flagship product is [product disclosed], the “all things payments app”. In addition to [product disclosed], we offer a range of other payment services to businesses and individuals, including card processing, cross-border payments / remittance, merchant acquiring, card issuing and e-wallets. Whatever our customers’ needs are, our breakthrough platform can help them integrate, process and transact globally. We aim to take our place on the forefront of payment disruption, bringing innovative solutions for flawless and low cost payments on the market.
Currently, we are looking for a Senior Application Security Engineer join our team.

Responsibilities:
• Conducting assessments of application architecture to identify and address security vulnerabilities;
• Conducting penetration test for web/mobile applications and services (API);
• Working with other tech teams to promote a robust security posture across development and operational processes - ensuring that security is an integral part of the software development lifecycle;
• Analyzing code to identify and remediate security weaknesses;
• Overseeing regular security testing on applications and systems;
• Collaborating with the development, platform, and product teams to create threat models, identifying potential security threats, and implementing countermeasures;
• Assisting with the development of training and awareness programs to enhance the understanding of secure coding and deployment practices across the organization;
• Implementing, managing, and monitoring of security tools within development and deployment processes to automate security testing and drive efficiency;
• Research actual security threats;
• Creating and maintaining documentation and metrics relating to application security including reports, runbooks, dashboards and KRIs.

Requirements:
• Minimum 3 years of professional experience as application security engineer within finance and banking field;
• Familiarity with Golang, C#, Java languages;
• Knowledge of cloud security and containerized technologies including Kubernetes or similar;
• Familiarity with modern web and mobile applications, development and protection methods;
• Knowledge of attack vectors and methods to bypass security systems;
• Knowledge of main approaches of DevSecOps/AppSec, experience with tools (SAST, DAST, SCA) and CI/CD integration;
• Experience in integration and automation of security practices into development process;

Nice to have:
• Security research practices, BugBaunty and CTF participation;
• Industry certifications like:
1) Offensive Security Certified Professional (OSCP)
2) Certified Ethical Hacker (CEH)
3) Global Information Assurance Certification (GIAC) Certifications (e.g., GIAC Certified Penetration Tester (GPEN), GIAC Web Application Penetration Tester (GWAPT), or GIAC Exploit Researcher and Advanced Penetration Tester (GXPN))
4) CREST Penetration Testing Certifications

What we offer:

• Fully remote work. If you are in Baku, London, Wroclaw you can visit the office whenever you wish.
• Competitive compensation
• Work-Life balance
• Dynamic Work Environment
• Offices in Baku, London, Toronto, Wroclaw.
• Service agreement contract or official employment in locations where we have legal entities