Cyprus

Application Security (AppSec) Engineer

ISX Financial EU Plc is an EEA/EU Electronic Money Institution licensed by the Central Bank of Cyprus and the United Kingdom's FCA.

The company provides payments, issuance of electronic money, IBAN addressable stored value accounts and KYC identity verification services to eCommerce merchants, regulated sector businesses and consumers.

Our in-house developed platforms allow us to deliver technology and financial services to our customers, including our app flykk.it.

The Group employs more than 125 staff across our offices in Australia, Cyprus, Lithuania, United Kingdom, Netherlands, USA, Israel, Malta.

The Role

As an Application Security (AppSec) Engineer, you will need strong communication and collaboration skills to work closely with cross-functional teams, including product management, development, QA, and operations.

You will be responsible for working with the software developers/leads to ensure secure coding best practices are applied across a multi-disciplined team; with Product Management to consult on the secure design of our products and services; and with the QA Team to advise on security testing methodologies and validate the remediation of vulnerabilities.

You will be required to train Software Development teams in the areas of secure development and work collaboratively with our ITSM, DevOps, Technology & Infrastructure teams to support the delivery of projects and product improvements prioritised by the business.

You will support the business in deploying secure architecture and design principles, including defence-in-depth, zero-trust, and microservices, and be required to perform threat modelling and apply risk assessment techniques to identify and prioritize security risks in fintech applications.

It’s important that you keep abreast of the latest security trends and technologies and incorporate your ideas into an organisation's security strategy.

The ideal candidate for this role should have a deep understanding of the security challenges and requirements in the fintech domain, along with the technical skills and experience to implement and maintain secure payment and banking solutions.

You will gain invaluable experience working with EU and globally recognised security standards and frameworks, such as PCI-DSS, ISO 27001, NIST, CIS, Swift CSCF, DORA, and PSD2.

Requirements

• An experienced Application Security Engineer or Consultant with 5 years’ experience supporting software development teams in secure development methodologies, tools, and processes.

• You have a software development or security-focused university degree OR equivalent experience.

• Familiar with one or more security development methodologies (e.g. Microsoft SDL, OWASP OpenSAMM, BSIMM etc.).

• A strong understanding of main security-related activities in development such as security requirements gathering, risk assessment, and security code review.

• You are familiar with the Attack Surface Management (ASM) continuous workflow, supporting Security teams and SOCs to establish a proactive security posture in response to a constantly evolving attack surface, and knowledge of the MITRE ATT&CK framework.

• Expertise in secure coding practices, including encryption and hashing techniques, input validation, and output encoding to prevent SQL injection, cross-site scripting (XSS), and other web application vulnerabilities.

• Experienced in securing CI/CD pipelines to ensure the delivery of code that follows security-by-design principles and complies with minimum security requirements that you have implemented.

• Obtained relevant information security certifications, such as CASE, CASS, CISSP, ISSAP, CEH, etc.

• Experience with secure API design and implementation, including authentication and authorization mechanisms such as OAuth, OpenID Connect, and JWT.

• Familiarity with web application development languages and frameworks, such as Java, .NET, Swift, and Node.js.

What are the requirements?

• Bachelor’s degree in Computer Science or Software Engineering

• Familiar with the PCI Software Security Framework (SSF) and PCI Secure Software Standard.

• Familiarity with one or more cybersecurity tools in the following categories: Static Code Analysis, Dynamic Code Analysis, Software Composition Analysis, and Penetration Testing.

• Knowledge of secure key management and storage solutions, including Hardware Security Modules (HSMs) and cloud-based key management services.

• Knowledge of standards, controls, and frameworks, such as CIS Controls, CSA Cloud Controls Matrix, ISO27001, NIST Standards (800-53, CSF), OWASP Top 10.

• Develop and deliver training and education programs for employees on cyber security best practices.

Benefits

  • Private health insurance plan fully sponsored by the company from day one
  • 21 days of Annual Leave (reaching up to 30 days per year based on years’ service)
  • Birthday leave
  • Happy hour every Friday
  • Benefits card with exclusive discounts to shops, restaurants, private school etc.
  • Sports Benefit participation scheme (Platinum Package)
  • Employee Referral bonus
  • Internal cafeteria with barista, unlimited snacks, fruits, drinks
  • Performance Bonus
  • Employee wellness application (mental, financial, nutritional)
  • Gaming Corner

