Exelsys Limited

AppSec Engineer

Exelsys Limited, Malta, New York, United States


ISX Financial EU Plc is an EEA/EU Electronic Money Institution licensed by the Central Bank of Cyprus and the United Kingdom's FCA. The company provides payments, issuance of electronic money, IBAN addressable stored value accounts and KYC identity verification services to eCommerce merchants, regulated sector businesses and consumers. Our in-house developed platforms allow us to deliver technology and financial services to our customers, including our app flykk.it. The Group employs more than 125 staff located across our offices in Australia, Cyprus, Lithuania, United Kingdom, Netherlands, USA, Israel, and Malta.

The Role

As an Application Security (AppSec) Engineer, you will need strong communication and collaboration skills to work closely with cross-functional teams, including product management, development, QA, and operations. You will be responsible for working with the software developers/leads to ensure secure coding best practices are applied across a multi-disciplined team; consulting with Product Management on the secure design of our products and services; and advising the QA Team on security testing methodologies and validating the remediation of vulnerabilities. You will train Software Development teams in secure development and collaborate with our ITSM, DevOps, Technology & Infrastructure teams to support the delivery of projects and product improvements prioritized by the business.

You will support the business in deploying secure architecture and design principles, including defence-in-depth, zero-trust, and microservices, and be required to perform threat modelling and apply risk assessment techniques to identify and prioritize security risks in fintech applications. It’s important that you keep abreast of the latest security trends and technologies and incorporate your ideas into the organization's security strategy.

The ideal candidate for this role should have a deep understanding of the security challenges and requirements in the fintech domain, along with the technical skills and experience to implement and maintain secure payment and banking solutions. You will gain invaluable experience working with EU and globally recognized security standards and frameworks, such as PCI-DSS, ISO 27001, NIST, CIS, Swift CSCF, DORA, and PSD2.

Requirements

An experienced Application Security Engineer or Consultant with 5 years’ experience supporting software development teams in secure development methodologies, tools, and processes.
A software development or security-focused university degree OR equivalent experience.
Familiarity with one or more security development methodologies (e.g. Microsoft SDL, OWASP OpenSAMM, BSIMM etc.).
A strong understanding of main security-related activities in development such as security requirements gathering, risk assessment, and security code review.
Familiarity with the Attack Surface Management (ASM) continuous workflow, supporting Security teams and SOCs to establish a proactive security posture in response to a constantly evolving attack surface, and knowledge of the MITRE ATT&CK framework.
Expertise in secure coding practices, including encryption and hashing techniques, input validation, and output encoding to prevent SQL injection, cross-site scripting (XSS), and other web application vulnerabilities.
Experience securing CI/CD pipelines to ensure the delivery of code that follows security-by-design principles and complies with minimum security requirements.
Obtained relevant information security certifications, such as CASE, CASS, CISSP, ISSAP, CEH, etc.
Experience with secure API design and implementation, including authentication and authorization mechanisms such as OAuth, OpenID Connect, and JWT.
Familiarity with web application development languages and frameworks, such as Java, .NET, Swift, and nodeJS.
Bachelor’s degree in Computer Science or Software Engineering.
Familiarity with the PCI Software Security Framework (SSF) and PCI Secure Software Standard.
Knowledge of cybersecurity tools in categories such as Static Code Analysis, Dynamic Code Analysis, Software Composition Analysis, and Penetration Testing.
Knowledge of secure key management and storage solutions, including Hardware Security Modules (HSMs) and cloud-based key management services.
Knowledge of standards, controls, and frameworks, such as CIS Controls, CSA Cloud Controls Matrix, ISO27001, NIST Standards (800-53, CSF), OWASP Top 10.
Develop and deliver training and education programs for employees on cyber security best practices.

Benefits

Private health insurance plan fully sponsored by the company from day one
21 days of Annual Leave (reaching up to 30 days per year based on years of service)
Birthday leave
Happy hour every Friday
Benefits card with exclusive discounts to shops, restaurants, private school etc.
Sports Benefit participation scheme (Platinum Package)
Employee Referral bonus
Internal cafeteria with barista, unlimited snacks, fruits, drinks
Performance Bonus
Employee wellness application (mental, financial, nutritional)
