- Company Name
- Pleo
- Job Title
- Senior Security Application Engineer
- Job Description
-
**Job title**: Senior Security Application Engineer
**Role Summary**:
Design, evaluate, and implement secure technical solutions for Pleo’s financial products, bridging engineering, DevOps, GRC, and product teams. Own the application security roadmap, drive secure development practices, and lead risk remediation for vulnerabilities discovered through internal and external channels.
**Expactations**:
- Deliver thorough security reviews for new and existing applications.
- Communicate security risks and mitigation strategies clearly to cross‑functional stakeholders.
- Influence product architecture to embed security from inception.
- Maintain up‑to‑date knowledge of industry standards (PCI‑DSS, GDPR, PSD2) and applicable regulatory requirements.
**Key Responsibilities**:
- Partner with engineering teams to design and review secure solutions, focusing on authentication, encryption, and partner integration.
- Perform code reviews and dynamic testing to identify vulnerabilities; coach developers to fix issues.
- Triage and resolve findings from bug‑bounty engagements.
- Automate security controls in CI/CD pipelines; support build, test, and deployment practices.
- Own and prioritize the Application Security roadmap, balancing automation, compliance, and accessibility.
- Lead security initiatives that scale product growth while meeting regulatory constraints.
- Collaborate with GRC, DevOps, and product teams on audits, segmentation, and access controls.
**Required Skills**:
- Strong written and verbal communication; pragmatic security mindset.
- Experience working closely with developers and product teams on secure code practices.
- Proficiency in at least one server‑side language (Kotlin, TypeScript, Java).
- Expertise in static and dynamic analysis, threat modeling, and secure coding standards.
- Deep knowledge of application security libraries, common vulnerabilities (e.g., OWASP Top 10), and mitigation strategies.
- Ability to solve complex, unfamiliar problems creatively and clearly.
**Bonus Skills**:
- Java/Kotlin experience, especially in securing JVM‑based systems.
- Familiarity with PCI‑DSS, GDPR, PSD2, and related compliance frameworks.
- Experience supporting compliance audits, network segmentation, or access‑control solutions.
**Required Education & Certifications**:
- Bachelor’s degree in Computer Science, Information Security, or related field.
- Industry certifications such as CISSP, CISM, or OSCP strongly preferred.