Senior Application Security Engineer
Our Partner is a revenue-generating payment service and technology provider. Our Partner provides integrated digital payment services on a unique single platform that offers acquiring, processing, digital wallets, VAT refund and currency conversion services.
Our Partner helps businesses meet the needs of their customers by simplifying complex payments, helping people spend freely. Our Partner serves 600,000 Merchants and 100 partner banks across more than 70 markets on five continents.
As a Senior Application Security Engineer, you will mainly support Our Partner’s vulnerability management process coverage and help proactively identify and mitigate security risks. The Application Security Engineer will also ensure the security of web applications, APIs, and mobile applications (APKs) for a payment solutions company.
ROLES AND RESPONSIBILITIES:
- Conduct regular vulnerability scans using automated tools to identify security weaknesses.
- Manage and track vulnerabilities from discovery to remediation.
- Prioritise vulnerabilities based on risk and impact and work with development teams to ensure timely resolution.
- Conduct comprehensive manual penetration tests on web applications, APIs, and mobile applications (APKs) to identify vulnerabilities.
- Document findings and provide detailed recommendations for remediation.
- Perform segmentation tests to ensure proper network segmentation and isolation of critical assets.
- Manage SAST and DAST solutions.
- Assist in defining and implementing security requirements for new payment solutions.
- Ensure compliance with industry standards and regulations, such as PCI DSS.
- Collaborate with product and engineering teams to integrate security best practices into the software development lifecycle.
KEY REQUIREMENTS FOR THIS ROLE:
- 5+ years of experience in Application Security or related roles.
- 3+ years of hands-on experience with advanced application security tools such as Nexpose, Tenable, Rapid7, OpenVAS, Invicti, Dastardly, Snyk, Checkmarx, and SonarQube.
- Experience in using penetration testing tools such as Burp Suite and Metasploit, among others.
- Preferred certifications include eWPT, PNPT, OSCP, CISSP, GWAPT, or similar.
- Experience in IT general controls and internal control areas is required, as is an understanding of standards and methodologies related to OWASP, PTES, NIST, CIS, PCI DSS, and ISO 27001.
- A clear understanding of pentest methodologies and reporting.
- Great awareness of cybersecurity trends and hacking techniques.
- Promote a culture of security within the organisation.
- Stay up-to-date with the latest security trends, vulnerabilities, and technologies.
- Continuously improve security testing methodologies and processes.
- Ability to work under pressure in a fast-paced environment.
- Strong attention to detail with an analytical mind and outstanding problem-solving skills.
- Excellent communication skills, both verbal and written.