Application Security Engineer

Position Overview:

We are seeking an Application Security Engineer to join our Cyber Team in Payoneer. In your role, you will be responsible for overall Application Security standards, guidelines, and requirements for the organization. Your expertise in secure architecture, design, and SSDLC will play a crucial role in ensuring the security of our products and the protection of our sensitive data. In addition, you will be serving as a Cyber Operations representative within your organization, helping the Payoneer global cyber security team in the overall policies and methodologies within your organization.

Responsibilities:

• Collaborate with Payoneer Application Security team and aligning with Payoneer Application and Product Security posture.
• Review and approve secure architecture designs for developments and architects, both for the product environment and 3^rd party integrations, considering best practices, regulatory requirements and business objectives.
• Provide technical guidance and expertise to internal teams in selecting and integrating in-house solutions or third-party vendors.
• Overall responsibility of the SSDLC of the organization and how security is integrated into the product’s life cycle, from the design stage, into the development (choosing and implementing tools like SCA and SAST into the development pipeline and defining policies, managing the penetration testing policy and operations) and throughout the production environment.
• Assure Vulnerability Management processes are well implemented and enforced.
• Serve as a subject matter expert on application security, providing guidance and mentorship to other teams in the company.
• Leading Cyber Security incidents handling in Production.
• Assist the Payoneer global cyber operations team with aligning with Payoneer policies and controls.

Requirements:

• 5+ years’ experience in security architecture, software development, cloud security, or a related field.
• 3+ years in a leadership role.
• Networking Knowledge: Understanding TCP/IP, firewalls, VPNs, IDS/IPS, and proxy servers.
• Experience and in-depth understanding of CI/CD workflows and methodology
• Strong knowledge of cloud computing platforms such as AWS, Azure, or Google Cloud, and their associated security services and features and deep understanding of cloud security principles and industry best practices.
• Multi-task skills: ability to work on multiple projects in parallel, providing application security support for different teams and initiatives in the company.
• Excellent communication and collaboration skills, with the ability to effectively convey complex security concepts to technical and non-technical stakeholders.
• Excellent verbal and written English skills.

Advantages:

• Bachelor's degree in Computer Science, Information Security, or a related field.
• Professional security certifications (e.g., CISSP, CISM, CCSP, OSCP) are highly desirable.
• Knowledge and experience with cloud security products such as Wiz, Aqua, etc.
• Strong knowledge and experience with Kubernetes platform and services.
• Experience in evaluating and selecting cloud security solutions from both in-house solutions and third-party vendors.
• Experience/familiarity (hands-on) with security tools integrated into the CI/CD and production environments (SAST, CSA, DAST).
• Experience in fintech or financial services industry
• Familiarity with regulatory requirements and compliance standards in the financial industry, such as PCI DSS, PSD2 and GDPR

#LI-Onsite
#LI-SH1