Lead Application Security Engineer

Encora · Kuala Lumpur

Key Responsibilities: 
● Threat Modeling: Lead design reviews for new banking features (Payments, Transfers, KYC). Identify logic flaws before code is written.
● Pipeline Automation: Architect and maintain the SAST/DAST/SCA tooling in the CI/CD pipeline (e.g., SonarQube, Snyk, GitLab CI) to block vulnerabilities automatically.
● Code Review: Perform manual code audits on high-risk components (Authentication, Ledger logic) in Java, Kotlin, or Swift.
● Cloud & AI Patterns: Deliver API, container, cloud, and AI security design patterns. Ensure that developers have "paved roads" (secure templates) for deploying microservices and AI models.
● Culture: Act as a mentor to the development team, running secure coding workshops and championing a "Security Champion" program.

Technical Requirements: 
● 5+ years in Application Security with a background in Software Development. 
● Proficiency in at least one core language: Java (Spring Boot), Node.js, or Go. 
● Deep understanding of OWASP Top 10 and SANS Top 25. 
● Experience with CI/CD integration (Jenkins, GitHub Actions). 
● Bonus: Experience in Fintech or Banking.

Security pay context

Based on 1,546 disclosed Security salaries on RoleSuite, the role pays a median of $142K/year, with most offers between $114K and $180K (10th–90th percentile: $94K–$216K).
