Application Security Engineer

Your role at Exness:

You will identify existing and emerging security threats in in-house applications services and create a protected environment. Together with a team of Application security engineers, you will maintain business continuity and regulatory compliance by fostering a security culture within the company. You will use your industry experience to own and drive the resolution of complex security incidents, policy questions, and technical security issues.

You will need a team player mindset and should be ready to collaborate with other departments to solve security-related issues. In this role, you will need to be passionate about keeping services safe and driven by opportunities to mitigate vulnerabilities and risks.

Our Application Security team creates and maintains the safest application environment for our employees and customers, maintaining a security lifecycle for in-house applications based on microservice architecture, written mainly in Python and Golang. Our Application security engineers work with a wide stack of application security scanners, actively use DevSecOps approaches, and automate security operations, maintain WAF bug bounty programs, and are involved in awareness activities.

You will:

• Work directly with the business units to facilitate risk assessment and risk management processes.
• Maintain effective communication and coordination with development and ops teams in security-related areas.
• Conduct security reviews of architecture and code of new and existing in-house applications.
• Support SDLC and Defect management processes in development teams.
• Maintain, improve, and work with ASPM, SAST, SCA, DAST, WAF, and other security tools.
• Perform awareness training for developers.
• Carry out the management of security incidents, including investigations and forensics.
• Manage bug bounty program.

What makes you a great fit:

• 3 or more years of experience in information security or other IT roles
• Background in development or penetration testing
• Knowledge of most common technical and logical vulnerabilities and ways of protective measures from exploiting them
• Strong experience in exploiting web vulnerabilities
• Experience in writing and reading code in at least one programming language
• Ability to leverage business communication skills to inform, convince, and educate employees to enable practical information security activities and processes
• Intermediate-level or higher of English

Nice to have:

• General acquaintance with regulatory frameworks and compliance requirements associated with financial services
• Understanding of microservice architecture, environment, and security measures
• Understanding of security aspects of virtualization, containerization (Docker), and cloud services (AWS)
• Any industry certifications
• Pet projects, research in the information security area
• CTF or Bug Bounty Experience ;)

What we offer along the way:

• Competitive and attractive compensation
• Extensive learning opportunities, such as professional training and certifications, soft skills development, free English courses, and trading workshops
• Flight tickets, hotel or apartment accommodation for your first month in Cyprus, migration support, and legal help for you and your family
• Health and life insurance for employees, spouses, and children, including vaccinations, tests, mental health care, and coverage for vision and dental care
• Generous time off, including 21 days of annual leave and paid sick leave
• Education allowance for your children’s school and kindergarten fees 
• Access to our very own sports club with dedicated coaches, free Sanctum Club memberships for you and your spouse, corporate SUPs, jet skis, etc
• A branded company car with a parking space near the office
• Outstanding team-building experiences and Exness community gatherings

Your journey after applying:

1. First interview with Talent Acquisition Specialist (up to 45 minutes)
2. Short online English test (for non-native speakers)
3. Technical Interview (1 hour)
4. Final interview (1 hour)