Associate Application Security Engineer

Summary

Join Pleo's team as an Associate Application Security Engineer and contribute to protecting customers' money by ensuring application security and improving internal dev practices.

Requirements

• You recognize that communication is a core part of your job within application security
• You are pragmatic in your approach to security - and keen on learning the goldilocks principle
• You agree security isn’t simple, but about understanding complex systems and applying/recycling creative thinking to interesting problems
• You love learning new things and enjoy working with problem areas you aren't an expert in (yet) and keen to become one
• You are honest and unafraid to state things exactly like they are - acknowledging and communicating what's broken is the first step to fixing things
• You can confidently read server-side languages (we mostly use Kotlin and TypeScript but we know you can learn new languages)
• You’ve read up on common security flaws and resolutions as published by OWASP, SANS, etc
• You have some experience in reviewing security issues during a code review
• You’re keen on understanding and gaining experience with common security libraries, and common security flaws
• You have played a bit with common web application testing tools (e.g., Burp Suite) and/or SCA/SAST tools

Responsibilities

• Assist in dispatching managed Bug Bounty program findings to appropriate teams and follow up as directed
• Assist Senior team members on feedback to engineering teams during threat modelling sessions
• Work on scoped security tasks under supervision, including basic authentication, encryption, and partner integration tasks
• Assist in reviewing and understanding common security issues in code reported in our bug bounty program, and relay common best practices and guidance to developers
• Provide basic technical support to the GRC and DevOps team in developing and maintaining security automation in the CI/CD pipeline under the guidance of senior team members
• Participate in threat modelling sessions suggesting mitigations to potential threats
• Assist technical security assessments on our web applications and mobile application
• Participate in projects while supporting a long-term security vision

Benefits

• Your own Pleo card (no more out-of-pocket spending!)
• Lunch is on us - with catering in our Lisbon, Copenhagen and London offices or a monthly lunch allowance paid directly together with your salary in other markets
• Private health insurance to ensure you’re fit in body and mind to do your best work
• We offer 25 days of holiday + your public holidays
• Flexibility/remote working options
• Option to purchase 5 additional days of holiday through a salary sacrifice
• We’re trialling MyndUp to give our employees access to free mental health and wellbeing support with great success so far
• Access to LinkedIn Learning - acquire new skills, stay abreast of industry trends and fuel your personal and professional development continuously
• Paid parental leave - we want to make sure that we're supportive of families and help you feel that you don't have to compromise your family due to work