
AppSec Engineer

This job post is expired. You can search for other jobs here at www.carierista.com.

#IF60666
Type: Full time

Who we are?

ISX Financial EU Plc is an EEA/EU Electronic Money Institution licensed by the Central Bank of Cyprus and the United Kingdom's FCA. The company provides payments, issuance of electronic money, IBAN addressable stored value accounts and KYC identity verification services to eCommerce merchants, regulated sector businesses and consumers.

Our in-house developed platforms allow us to deliver technology and financial services to our customers, including our app flykk.it. The Group employs more than 125 staff across our offices in Australia, Cyprus, Lithuania, United Kingdom, Netherlands, USA, Israel and Malta.

The Role

As an Application Security (AppSec) Engineer, you will need strong communication and collaboration skills to work closely with cross-functional teams, including product management, development, QA, and operations.

You will be responsible for working with the software developers/leads to ensure secure coding best practices are applied across a multidisciplined team; with Product Management to consult on the secure design of our products and services; and with the QA Team to advise on security testing methodologies and validating the remediation of vulnerabilities.

You will be required to train Software Development teams in the areas of secure development and work collaboratively with our ITSM, DevOps, Technology & Infrastructure teams to support the delivery of projects and product improvements prioritised by the business.

You will support the business in deploying secure architecture and design principles, including defence-in-depth, zero-trust, and microservices, and be required to perform threat modelling and apply risk assessment techniques to identify and prioritize security risks in fintech applications.

It’s important that you keep abreast of the latest security trends and technologies and incorporate your ideas into an organisation's security strategy.

The ideal candidate for this role should have a deep understanding of the security challenges and requirements in the fintech domain, along with the technical skills and experience to implement and maintain secure payment and banking solutions.

You will gain invaluable experience working with EU and globally recognised security standards and frameworks, such as PCI-DSS, ISO 27001, NIST, CIS, Swift CSCF, DORA, and PSD2.

Responsibilities include (but are not limited to):

  • An experienced Application Security Engineer or Consultant with 5 years’ experience supporting software development teams in secure development methodologies, tools, and processes.
  • You have a software development or security-focused university degree OR equivalent experience.
  • Familiar with one or more security development methodologies (e.g. Microsoft SDL, OWASP OpenSAMM, BSIMM etc.).
  • A strong understanding of main security-related activities in development such as security requirements gathering, risk assessment, and security code review.
  • You are familiar with the Attack Surface Management (ASM) continuous workflow, supporting Security teams and SOCs to establish a proactive security posture in response to a constantly evolving attack surface, and knowledge of the MITRE ATT&CK framework.
  • Expertise in secure coding practices, including encryption and hashing techniques, input validation, and output encoding to prevent SQL injection, cross-site scripting (XSS), and other web application vulnerabilities.
  • Experienced in securing CI/CD pipelines to ensure the delivery of code that follows security-by-design principles and complies with minimum security requirements that you have implemented.
  • Obtained relevant information security certifications, such as CASE, CASS, CISSP, ISSAP, CEH, etc.
  • Experience with secure API design and implementation, including authentication and authorization mechanisms such as OAuth, OpenID Connect, and JWT.
  • Familiarity with web application development languages and frameworks, such as Java, .NET, Swift, and nodeJS.

Requirements:

  • Bachelor’s degree in Computer Science or Software Engineering
  • Familiar with the PCI Software Security Framework (SSF) and PCI Secure Software Standard.
  • Familiarity with one or more cybersecurity tools in the following categories: Static Code Analysis, Dynamic Code Analysis, Software Composition Analysis, and Penetration Testing.
  • Knowledge of secure key management and storage solutions, including Hardware Security Modules (HSMs) and cloud-based key management services.
  • Knowledge of standards, controls, and frameworks, such as CIS Controls, CSA Cloud Controls Matrix, ISO27001, NIST Standards (800-53, CSF), OWASP Top 10.
  • Develop and deliver training and education programs for employees on cyber security best practices.

Package:

  • Attractive remuneration package
  • Private Medical Insurance
  • Employee Referral bonus
  • Internal cafeteria with barista, unlimited snacks, fruits and drinks
  • Sports Benefit participation scheme
  • Birthday leave
  • Competitive Salary
  • Performance Bonus, including mix of cash and share-based scheme of company stock for outstanding performers.
  • 21 days of Annual Leave (reaching up to 30 days per year based on years’ service)

How to Apply

Apply to careers@isxfinancial.com with a full copy of your CV quoting “AppSec Engineer”.

Furthermore, samples of your portfolio will be highly appreciated.

Right to Work

You must have the right to legally reside and work in the Republic of Cyprus or be an EU citizen.

Employment is subject to a National Police check.
