Application Security Analyst

Application Security Analyst

About us:

BVNK provides modern payment infrastructure for businesses. We unify banks and blockchains in a single platform. With BVNK, businesses can send and receive stablecoin payments, convert between currencies, and add stablecoin payments to their checkout. Using our flexible platform, and robust global licensing and compliance expertise, innovators can launch new payment products quickly and compliantly.

We are a diverse team spread across the UK, Europe, South Africa, the US, and APAC, with a shared belief that all payment flows will interact with crypto in the coming decade, and BVNK will be at the forefront of this transformation of the financial system. We have raised $50M in Series B funding from top investors including Haun Ventures, Tiger Global, and Coinbase Ventures, and we're looking for smart, ambitious people to help us build the next generation of payments. 

We're incredibly honored to have made Newsweek's list of The Top 100 Global Most Loved Workplaces 2 years running (2023 and 2024) and to have been recognized by LinkedIn as one of the Top 20 Startups in the UK in 2024.

About this role in the team:

The Application Security Analyst at BVNK plays a crucial role in fortifying our application security posture. This involves ensuring secure configurations, robust business logic, and adherence to security best practices across our applications, cloud tools, and third-party integrations. The analyst collaborates closely with development, product, and other stakeholders, driving the implementation of security strategy and ensuring compliance with organizational policies and industry standards.

Key Areas of Responsibilities:

Software Assurance & Secure Development

• Collaborate with Engineering, Product and Development teams to include security in the business logic and fraud prevention, recommending actionable mitigations.
• Ensure rigorous reviews of application workflows and data flows before production releases, focusing on business logic, account protection, mitigating internal and external fraud risks through application usage. 
• Coordinate developer security training, lead software assurance reviews, and participate in Change Advisory Board meetings.

Application Security

• Approve and regularly audit security configurations for applications, financial and cloud tools, maintaining compliance with corporate policies.  
• Identify, assess, and mitigate risks tied to business logic, cloud integrations, and third-party systems.  
• Maintain and update a central vulnerability register from audits, tests, and external research; track and escalate remediation actions as necessary.

Continuity & Resilience

• Support Business Continuity Planning (BCP) by ensuring application security processes align with resilience goals for internal and external systems.  
• Collaborate with the Vendor Security and Risk Manager to oversee third-party security, evaluating vendor risk and compliance.

Security Process Execution

• Implement and refine application security processes portions across Finance, Legal, IT, Engineering, Risk, and other teams.  
• Balance security requirements with business objectives, investigate security incidents, and support audit/compliance initiatives.  
• Contribute to developing and updating security policies, conducting risk assessments, and steering strategic security enhancements.  
• Evaluate and implement security solutions, perform periodic system audits, and analyse data to inform improvements.

Abilities and Skills:

• Evaluate and improve cloud application security settings and third-party integrations.
• Strong analytical, problem-solving skills, and attention to detail.
• Effectively execute and optimize defined security processes.
• Excellent collaboration and communication skills for cross-functional teamwork.
• Understanding of security risk assessment frameworks and compliance standards (e.g., ISO 27001, NIST, OWASP).
• Proficiency in managing and reviewing cloud application configurations and third-party integrations.

Qualifications and Experience:

• Bachelor’s degree in Computer Science, Information Security, or equivalent experience.
• 2-4 years of experience in application security, cloud security, or related areas.
• CISSP, CISM, CEH, or relevant application security certifications are a plus.

What you can expect from us:

• Fair and competitive salary at every stage of your growth
• Meaningful ownership in the business through our employee option scheme
• Flexible working hours, with hybrid working at its heart
• A culture built on passionate growth-minded people
• A flexible approach to holiday
• Opportunities to travel to our offices around the world
• An open and creative environment where you can help us define the future of BVNK, its culture, and its opportunity sets

At BVNK, we are focused on building a diverse and inclusive team. While you may not meet all of our requirements, we’d encourage you to apply if you meet the majority of our expectations. You may be a great fit for this role or another role in our team.