ISX Financial EU Plc is a leading financial technology company that provides secure and efficient payment solutions. We are looking for talented individuals to join our team and help us continue to innovate in the fintech industry.
As an Electronic Money Institution licensed by the Central Bank of Cyprus, we offer a wide range of financial services, including payments, e-money issuance, and identity verification. Our advanced anti-fraud and anti-money laundering systems ensure the highest level of security for our customers.
We are a global company with offices in multiple countries, and our team is committed to delivering exceptional customer service and innovative solutions.
Join us and be part of a team that's shaping the future of finance.
The Role
As a DevSecOps Engineer, you will need strong communication and collaboration skills to work closely with cross-functional teams, including product management, development, QA, and operations.
You will be responsible for working with the software developers/leads to ensure secure coding best practices are applied across a multi-disciplined team; with Product Management to consult on the secure design of our products and services; and with the QA Team to advise on security testing methodologies and validate the remediation of vulnerabilities.
You will be required to train Software Development teams in the areas of secure development and work collaboratively with our ITSM, DevOps, Technology & Infrastructure teams to support the delivery of projects and product improvements prioritised by the business.
You will support the business in deploying secure architecture and design principles, including defence-in-depth, zero-trust, and microservices and be required to perform threat modelling and apply risk assessment techniques to identify and prioritize security risks in fintech applications.
It’s important that you keep abreast of the latest security trends and technologies and incorporate your ideas into an organisation's security strategy.
The ideal candidate for this role should have a deep understanding of the security challenges and requirements in the fintech domain, along with the technical skills and experience to implement and maintain secure payment and banking solutions.
You will gain invaluable experience working with EU and globally recognised security standards and frameworks, such as PCI-DSS, ISO 27001, NIST, CIS, Swift CSCF, DORA, and PSD2.
Requirements
• An experienced Application Security Engineer or Consultant with 5 years’ experience supporting software development teams in secure development methodologies, tools, and processes.
• To have a software development or security-focused university degree OR equivalent experience.
• Familiar with one or more security development methodologies (e.g. Microsoft SDL, OWASP OpenSAMM, BSIMM etc.).
• A strong understanding of main security-related activities in development such as security requirements gathering, risk assessment, and security code review.
• To be familiar with the Attack Surface Management (ASM) continuous workflow, supporting Security teams and SOCs to establish a proactive security posture in response to a constantly evolving attack surface, and knowledge of the MITRE ATT&CK framework.
• Expertise in secure coding practices, including encryption and hashing techniques, input validation, and output encoding to prevent SQL injection, cross-site scripting (XSS), and other web application vulnerabilities.
• Experienced in securing CI/CD pipelines to ensure the delivery of code that follows security-by-design principles and complies with minimum security requirements that you have implemented.
• Obtained relevant information security certifications, such as CASE, CASS, CISSP, ISSAP, CEH, etc.
• Experience with secure API design and implementation, including authentication and authorization mechanisms such as OAuth, OpenID Connect, and JWT.
• Familiarity with web application development languages and frameworks, such as Java, .NET, Swift, and nodeJS.
Qualifications
• Bachelor’s degree in Computer Science or Software Engineering
• Be familiar with the PCI Software Security Framework (SSF) and PCI Secure Software Standard.
• Familiarity with one or more cybersecurity tools in the following categories: Static Code Analysis, Dynamic Code Analysis, Software Composition Analysis, and Penetration Testing.
• Knowledge of secure key management and storage solutions, including Hardware Security Modules (HSMs) and cloud-based key management services.
• Knowledge of standards, controls, and frameworks, such as CIS Controls, CSA Cloud Controls Matrix, ISO27001, NIST Standards (800-53, CSF), OWASP Top 10.
• Develop and deliver training and education programs for employees on cyber security best practices.
Benefits
- Private health insurance plan fully sponsored by the company from day one
- 21 days of Annual Leave (reaching up to 30 days per year based on years’ service)
- Birthday leave
- Happy hour every Friday
- Benefits card with exclusive discounts to shops, restaurants, private school etc
- Sports Benefit participation scheme (Platinum Package)
- Employee Referral bonus
- Internal cafeteria with barista, unlimited snacks, fruits, drinks
- Performance Bonus
- Employee wellness application (mental, financial, nutritional)
- Gaming Corner
Please note that our company works with recruitment agencies on a pre-approved basis only. A recruitment agency that wishes to submit candidate profiles or resumes for consideration must obtain prior written consent from our HR team.
We do not accept unsolicited resumes from recruitment agencies, and we will not be responsible for any fees related to unsolicited CVs.