Application Security Engineer

Your role at Exness:

You will identify existing and emerging security threats in inhouse applications services and create a protected environment. Together with a team of Application security engineers, you will maintain business continuity and regulatory compliance by fostering a security culture within the company. 

You will need a team player mindset and should be ready to collaborate with other departments to solve security-related issues. In this role, you will need to be passionate about keeping services safe and driven by opportunities to mitigate vulnerabilities and risks.

Our Application Security team creates and maintains the safest application environment for our employees and customers, maintaining a security lifecycle for inhouse applications based on microservice architecture, written mainly on Python and Golang. Our Application security engineers work with a wide stack of application security automation, including self-developed systems, maintain WAF, bug-bounty program, and are involved in awareness activities.

You will:

• Conduct security reviews of the architecture and code of new and existing in-house applications, including constant communication and coordination with development and ops teams.
• Support SDLC and Vulnerability management processes in development teams.
• Manage bug bounty program.
• Carry out the management of security incidents, including investigations and forensics.
• Maintain, improve, and work with internal automation, ASPM, SAST, SCA, DAST, WAF, and other security tools.
• Perform awareness training for developers.

What makes you a great fit:

• 4 or more years of experience in Application Security or penetration testing. Or more than 5 years in other IT Security roles
• Strong background in development or penetration testing
• Knowledge of the most common technical and logical vulnerabilities and ways of protective measures to prevent them from being exploited. 
• Strong experience in exploiting web vulnerabilities, as well as keeping up to date with the latest exploitation techniques.    
• Experience in writing and reading code in at least one programming language
• Ability to leverage business communication skills to inform, convince, and educate employees to enable practical information security activities and processes
• English proficiency level - intermediate or higher

Nice to have:

• Understanding of microservice architecture, environment, and security measures
• Understanding of security aspects of virtualization, containerization (Docker), and cloud services (AWS)
• Any industry certifications
• Pet projects, researches in the information security area, talks at conferences
• CTF or Bug Bounty Experience ;)

What we offer along the way:

• Competitive and attractive compensation
• Extensive learning opportunities, such as professional training and certifications, soft skills development, free English courses, and trading workshops
• Flight tickets to Cyprus, hotel or apartment accommodation for your first month, migration support, and legal help for you and your family
• Health and life insurance for employees, spouses, and children, including vaccinations, tests, mental health care, and coverage for vision and dental care
• Generous time off, including 21 days of annual leave and paid sick leave
• Education allowance for your children’s school and kindergarten fees 
• Access to our very own sports club with dedicated coaches, free Sanctum Club memberships for you and your spouse, corporate SUPs, jet skis, etc. 
• A branded company car with a parking space near the office
• Outstanding team-building experiences and Exness community gatherings

Your journey after applying:

1. Interview with a Talent Acquisition Specialist (45 minutes)
2. Short online English test (for non-native speakers)
3. Technical interview (1 hour)
4. Final interview (1 hour)