Application Security Engineer

Application Security Engineer

Israel
Hybrid
Full-time

We are seeking an Application Security Engineer to join our Cyber Team in Payoneer. As an Application Security Engineer, you will be responsible for overall Application Security standards, guidelines, and requirements for different groups in Payoneer. Your expertise in secure architecture, design, and SSDLC will play a crucial role in ensuring the security of our products and the protection of our sensitive financial data. This is a strategic position that offers an opportunity to shape and drive the security initiatives of our cutting-edge fintech solutions.

What you’ll do:

• Review and approve secure architecture designs for new features and use-cases for Payoneer customers, partners, integrators or in-house solutions, considering best practices, regulatory requirements and business objectives.
• Collaborate with cross-functional teams (mainly R&D and DevOps/DevSecOps) to define security requirements and design robust security controls for systems, both on-prem and in the cloud.
• Define CI/CD processes and gates, such as SAST, SCA, Secret scanning and image/containers scanning during CI and Runtime.
• Provide technical guidance and expertise to internal teams in selecting and integrating in-house solutions or third-party vendors.
• Stay up-to-date with the latest security technologies, threats, and trends, and provide recommendations for continuous improvement.
• Serve as a subject matter expert on application security, providing guidance and mentorship to other teams in the company.
• Assist in creating or researching for security solutions – solving security challenges, both on-prem and in the cloud.

Who you are:

• 2+ years’ experience working as an Application Security Expert/Engineer/Architect or in a similar role.
• Experience and in-depth understanding of CI/CD workflows and methodology (Azure DevOps is an advantage)
• Deep understanding of cloud security principles and industry best practices.
• Multi-task skills: ability to work on multiple projects in parallel, providing application security support for different teams and initiatives in the company.
• Excellent communication and collaboration skills, with the ability to effectively convey complex security concepts to technical and non-technical stakeholders.

Advantage:

• Knowledge with AWS, Azure and GCP & their associated security services and features, as well as hands-on experience with cloud security products such as Wiz, Aqua, etc.
• Experience/familiarity (hands-on) with security tools integrated into our CI/CD and production environments such as SonarQube, Snyk, Aqua, Apiiro and others.
• Strong knowledge and experience with Kubernetes platform and services.
• Code review skills, mainly DotNet & Python.
• Additional skills related to Secure Software Development Lifecycle (SSDLC) and Application Security (AppSec) further enhance the candidate's value. These skills may include risk assessments, threat modeling, vulnerability assessments or penetration testing.
• Experience in fintech or financial services industry and familiarity with regulatory requirements and compliance standards in the financial industry, such as PCI DSS, PSD2 and GDPR.

#LI-AG2