Application Security Engineer

Summary

Join Moniepoint Inc. as a Senior Security Engineer and champion secure innovation by embedding security into the software development lifecycle. Partner with engineering teams to safeguard customer trust while building cutting-edge services. Shape secure design through threat modeling and code review, drive efficiency via security automation, and mentor developers. As a technical leader, blend deep security expertise with exceptional influence, translating complex risks into actionable insights. Harmonize diverse perspectives, strategically prioritize risks, and guide partners to implement resilient, secure solutions. The ideal candidate possesses broad security knowledge and excels at communicating complex information to both technical and executive audiences. This role offers opportunities for professional growth and development within a dynamic and innovative company.

Requirements

• 5+ years in application security, including 2+ years in a senior/lead role
• Expertise in threat modeling (e.g., STRIDE, PASTA), penetration testing, and secure SDLC implementation
• Proficiency in code review for Java/Python/JavaScript and cloud platforms (AWS/Azure/GCP)
• Hands-on experience building security tools (e.g., scanners, CI plugins) with Python/Go
• Proven track record in security architecture design and risk-based decision-making
• Leadership: Ability to define team strategy, mentor engineers, and influence stakeholders
• Innovation: Aptitude for researching/implementing novel solutions to ambiguous security challenges
• Technical Depth: Mastery of application security frameworks (OWASP, NIST) and exploit techniques
• Communication: Translate technical risks to business impact for executives and engineers alike
• Execution: Drive implementation of security controls

Responsibilities

• Define and execute security strategy for product teams, aligning with business objectives
• Lead threat modeling, security architecture reviews, and design guidance for diverse software projects
• Mentor engineers technically and professionally, fostering a culture of security excellence
• Conduct adversarial security analysis using automated tools and manual techniques (e.g., custom exploit development)
• Perform manual/automated secure code reviews across Java, Python, JavaScript, and cloud-native stacks
• Develop security automation tools to scale vulnerability detection (SAST/DAST/IAST enhancements)
• Identify complex risks through offensive security research; advocate for cutting-edge mitigation technologies
• Solve novel security problems lacking predefined solutions (e.g., zero-day vulnerabilities, emergent attack vectors)
• Maintain and evolve threat models for critical applications and microservices architectures
• Partner with the engineering team to embed security controls into CI/CD pipelines and development practices
• Design/deliver security training programs tailored to development teams and business stakeholders
• Lead incident response for application security events and drive root-cause analysis

Preferred Qualifications

• OSCP, OSCE, GXPN, or similar offensive security certifications
• Contributions to security tooling/open-source projects
• Experience with container security (Kubernetes, Docker), serverless, or infrastructure-as-code

Benefits

• Pension
• Health insurance
• Employee Stock Options
• Annual bonus