Information Security Engineer (Appsec)

At Revolut, we believe people deserve more from their money, with greater visibility, control, and freedom. Since our inception in 2015, we have aimed to provide innovative financial products that sustain the needs of over 60 million customers. Our rapid growth has been fueled by our people and culture, and we're proud to be recognized as a Great Place to Work™ with a team of over 10,000 people worldwide.

We are seeking an Application Security Engineer to ensure our software remains safe from threats and vulnerabilities. You will be tasked with designing and building secure applications while actively testing, monitoring, and protecting our systems.

What You'll Be Doing:

• Performing security assessments on product designs, mobile apps (iOS/Android), web applications, and APIs.
• Participating in Red Team missions and threat-led testing scenarios to simulate real-world attacker behaviors.
• Leading and conducting penetration testing across applications, infrastructure, and APIs, utilizing both manual techniques and automated tools.
• Managing and evolving our private bug bounty program, validating submissions, collaborating with researchers, and ensuring timely resolution of findings.
• Contributing to cloud security posture, identifying misconfigurations, and collaborating with DevOps to implement best practices across GCP and AWS.
• Partnering with engineering teams to embed security into the software development lifecycle, providing guidance on secure architecture and threat modeling.
• Developing and enforcing internal AppSec standards, policies, and practices aligned with OWASP, NIST, and industry benchmarks.
• Continuously researching and evaluating emerging threats, tools, and technologies.
• Contributing to internal security training sessions and mentoring junior team members.

What You'll Need:

• 3+ years of hands-on experience in application security, penetration testing, or security engineering.
• Solid understanding of common vulnerabilities (e.g., OWASP Top 10, CWE) and effective remediation strategies.
• Experience conducting code reviews, design reviews, and threat modeling for modern application architectures.
• Familiarity with DevSecOps practices and security tooling in CI/CD pipelines.
• Proficient in authentication, authorization, session management, and cryptographic best practices.
• Knowledge of security tools, such as Burp Suite, MobSF, or custom scripts for analysis.
• A basic understanding of cloud security principles with experience in GCP or AWS environments.
• Strong communication skills for effective collaboration with diverse teams.
• A proactive mindset with a passion for problem-solving in secure engineering practices.
• Ability to work independently and as a valuable team player in a fast-paced environment.

Location: United Arab Emirates (Remote)
Work Conditions: Full-time, Remote

Revolut encourages applications from diverse backgrounds, fostering an inclusive workplace to drive innovation and create exceptional products and services for our customers.