Principal Application Security Engineer

The Job in short

• As a Principal AI Application Security Engineer you'll take the lead in a team of security engineers working to ensure we build, maintain and deploy secure software that is used by millions of users around the globe. If you have a hacker mindset, are passionate about security and always looking to extend your knowledge, then this is the place for you.
• Your core responsibility is to ensure the delivery of secure software. You guide and support the developer teams in delivering and deploying secure banking solutions. You are the go-to person for security, internally as well as for our clients. Leveraging your technical expertise and leadership, you drive the secure SDLC with its tools and processes.
• You ensure application security requirements are part of product development. You have expert understanding of application security and application security vulnerabilities and provide guidance to other team members. You provide architecture design reviews as well as source code reviews.
• You are responsible for Architectural Risk Analysis of the core products and lead the threat modeling activities. You provide training to developers and QA engineers on application security. You research new tools and take the initiative in improving the ways of working. You play a key role in selecting candidates for the security team as well as onboarding and mentoring new hires.

Meet the job

Looking for a journey instead of a job Then let's talk! We are THE pioneers in banking tech. We see opportunities and take the leap. Having the guts to push limits and break barriers to make things happen. We learn and reinvent ourselves for maximum impact, never giving up. We are creators, with a customer-centric mindset that love what they do and bring fun to any challenge. Together we kick ass, have fun and feel proud when our vision is delivered. Next day - we wake up and raise the bar a little higher. Are you ready

How about you

In order to really own this role, we think you'll need:

Excellent understanding of application security and common application security vulnerabilities;

Good understanding of LLM and programming languages commonly used in AI development, such as Python;

Experience in identifying vulnerabilities in LLM and generative AI;

Excellent understanding of DevOps and cloud native technologies;

Successful track record in identifying, triaging, and resolving security issues, including both application vulnerabilities and AI-specific threats;

A background in development in Python and/or Java and a good understanding of the SDLC;

English language on a professional level, written and spoken.

We'll be delighted if you bring experience in the following topics but otherwise these would be opportunities for you to grow your knowledge working in the security team:

Implementing OWASP ASVS/M-ASVS, OWASP AI Exchange;

Implementing SAST, SCA, IAST and RASP tools in the SDLC;

Facilitating threat modeling sessions for application and AI systems, identifying risks across traditional and AI-driven platforms;

Experience in penetration testing for web, mobile and AI applications, with specific focus on assessing model vulnerabilities to adversarial attacks and other AI-specific security concerns;

Training and guiding developers on application security concepts;

Relevant regulations such as GDPR and PCI-DSS.