Senior Security Application Engineer

Summary

Join Pleo's Security team as a Senior Application Security Engineer and help shape the future of application security. Partner with engineering teams to design and review secure technical solutions, dive deep into authentication and encryption, and help triage and resolve issues. Guide developers on secure coding practices, support GRC and DevOps teams with automation, and help plan the Application Security roadmap. Drive long-term security initiatives balancing automation, compliance, and access needs. This role requires strong communication skills, experience working with developers, proficiency in server-side languages (Kotlin and TypeScript), expertise in code review and dynamic testing, and a deep understanding of security libraries and vulnerabilities. The ideal candidate will also have experience with Java or Kotlin, knowledge of PCI DSS, GDPR, or PSD2, and experience supporting compliance efforts. Pleo offers various benefits including a Pleo card, catered lunches or a lunch allowance, comprehensive private healthcare, 25+ days of holiday, hybrid/remote work options, access to mental health support, LinkedIn Learning access, paid parental leave, and more.

Requirements

• Strong communication skills and a pragmatic approach to security
• Experience working closely with developers and product teams
• Proficiency in at least one server-side language – we mainly use Kotlin and TypeScript
• Expertise in code review and dynamic testing to identify security flaws
• A deep understanding of security libraries, controls, and common vulnerabilities
• Subject matter expertise in at least one technical area of application security
• A passion for learning and solving unfamiliar or complex problems creatively
• The ability to approach problems with honesty, curiosity, and clarity

Responsibilities

• Partner with engineering teams to design and review secure technical solutions
• Dive deep into authentication, encryption, and partner integration security topics
• Help triage and resolve issues identified through our bug bounty program
• Guide developers on secure coding practices and help fix identified vulnerabilities
• Support GRC and DevOps teams with automation and security controls in our CI/CD pipelines
• Help plan, prioritise, and own the Application Security roadmap
• Drive long-term security initiatives that balance automation, compliance, and access needs

Preferred Qualifications

• Java or Kotlin proficiency, particularly with securing JVM-based applications
• Knowledge of PCI DSS, GDPR, or PSD2 and how they apply to application security
• Supporting compliance efforts such as audits, segmentation, or access controls

Benefits

• Your own Pleo card (no more out-of-pocket spending!)
• Lunch is on us for your work days – enjoy catered meals or receive a lunch allowance based on your local office 🍜
• Comprehensive private healthcare – depending on your location, coverage options include Vitality, Alan or Médis
• We offer 25 days of holiday + your public holidays
• For our team, we offer both hybrid and fully remote working options
• Option to purchase 5 additional days of holiday through a salary sacrifice
• We use MyndUp to give our employees access to free mental health and well-being support with great success so far ❤️‍🩹
• Access to LinkedIn Learning – acquire new skills, stay abreast of industry trends and fuel your personal and professional development continuously
• Paid parental leave – we want to make sure that we're supportive of families and help you feel that you don't have to compromise your family due to work 👶