Back to jobs

Application Security Engineer

Spain- Boadilla del Monte, Madrid

 

PagoNxt is looking for a Application Security Engineer, based in our Boadilla del Monte (Madrid) office. 

We embrace a strong risk culture and all of our professionals at all levels are expected to take a proactive and responsible approach toward risk management.

 

WHY YOU SHOULD CONSIDER THIS OPPORTUNITY

PagoNxt is a world-leading payment solution provider for merchants, international corporates and SME’s. Part of the Santander Group, boasting over 160 years of banking experience and 155 million customers worldwide, PagoNxt is an autonomous company, the Group’s FinTech delivering fast solutions to the payments market.

This position is for the Payments Hub team. We are currently extending our cloud native payments processing platform to Santander banks and other financial institutions, with the aim of providing a single access to most domestic and international payment methods at global scale.

If you would like to join a global community of world-class payment experts, this is the place for you! This is a unique opportunity to work for a company that combines the best of both worlds: innovative technology of a FinTech with the reach and expertise of a leading global financial institution.

 

WHAT YOU WILL BE DOING

As a Application Security, you will play a strategic role in shaping the security foundation of our global payment platform. You will drive security development, design decisions, and technical roadmaps to ensure application security is embedded by default.

You’ll work closely with engineering, platform, and product leaders to define and execute a long-term application security vision—shifting security left, automating prevention and detection, and reducing risk at scale. This is a highly autonomous role with direct impact on secure platform growth.

 

YOUR RESPONSIBILITIES

  • Design and implementation of scalable, secure-by-design software development lifecycle.
  • Define and evolve our application security strategy, balancing automation, risk reduction, and developer enablement.
  • Drive adoption of security tooling and automation in CI/CD: SAST, DAST, SCA and so on
  • Standardize threat modeling, secure code review practices, and appsec design reviews.
  • Establish and maintain reusable patterns for secure API design, authentication/authorization, data protection, and secrets management.
  • Provide technical mentorship to engineers and security champions across the organization.
  • Stay ahead of emerging threats, vulnerabilities, and technologies relevant to fintech and cloud-native systems.

 

REQUIRED QUALIFICATIONS

Must-Have:

  • Team-oriented and collaborative mindset
  • Experience in application security, software security architecture, or a senior engineering role with strong security focus.
  • Hands-on experience security tools and cloud-native environments
  • Experience integrating security toolling.
  • Strong background in modern appsec practices: OWASP, threat modeling, crypto, identity, API security, SAST/DAST/SCA.
  • Proficient in at least one programming language, expecially Java (e.g., Python, Java, Go, Node.js).
  • Excellent communication skills in English (written and spoken), capable of influencing technical and non-technical stakeholders.

Nice-to-Have:

  • Certifications such as OSWE, CSSLP, CISSP, AWS Security Specialty.
  • Some understanding of offensive security or pentesting would be advantageous.
  • Experience working in regulated environments (PCI-DSS, ISO 27001, SOC 2).
  • Familiarity with tools like Semgrep, Burp, ZAP, Snyk.

 

 

Apply for this job

*

indicates a required field

Resume/CV

Accepted file types: pdf, doc, docx, txt, rtf

Cover Letter

Accepted file types: pdf, doc, docx, txt, rtf


Select...
Select...

The PagoNxt entity advertising the vacancy for which you are applying will process your personal information as a data controller to assess your suitability for the position and manage the recruitment process.
If you are applying for a job in the EU, the legal basis for processing your data is the need to take steps to assess your suitability for the position offered (Art. 6.1b GDPR). If you are applying from outside the EU, the legal basis can be found in the privacy notice. To exercise your privacy rights (including access, rectification, erasure, restriction of processing, portability, objection and not being subject to automated decisions or any other required by law), please write to the Data Protection Officer of the PagoNxt entity listed in our privacy notice or send an email to privacy@pagonxt.com. You can also submit a complaint to the relevant supervisory authority.
Please read the details of the processing in our Privacy Notice:

consolidado_data_protection_candidates_rev_dpo_v09_10_2024.pdf