Information Security Engineer (AppSec)

At the company, we believe people deserve more from their money—it should be more visible, more controlled, and more liberating. Since 2015, our mission has been to empower over 70 million customers through our suite of innovative financial products that simplify and enhance their financial lives. With over 13,000 employees working globally, we pride ourselves on maintaining a culture that has earned us recognition as a Great Place to Work™.

We are seeking an Application Security Engineer to join our Technology team and ensure the safety of our applications against threats and vulnerabilities. This role involves designing and developing applications with security at the forefront while performing testing, monitoring, and protection of our systems.

Location: United Arab Emirates (Remote)
Work Conditions: Full-time, Remote

Responsibilities:

• Perform security assessments on product designs, mobile apps (iOS/Android), web applications, and APIs.
• Engage in Red Team missions and threat-led testing scenarios to emulate real-world attacker behaviors.
• Lead and conduct penetration testing across applications, infrastructure, and APIs with both manual techniques and automated tools.
• Manage and enhance our private bug bounty program to validate submissions and collaborate with researchers.
• Influence our cloud security posture by identifying misconfigurations and implementing best practices in GCP and AWS environments.
• Work closely with engineering teams to integrate security within the software development lifecycle, offering guidance on secure architecture and threat modeling.
• Develop and enforce internal AppSec standards, policies, and practices aligned with OWASP, NIST, and industry benchmarks.
• Continuously research and evaluate emerging threats, tools, and technologies to stay ahead of the evolving security landscape.
• Contribute to internal security training sessions and mentor junior team members.

Qualifications:

• 3+ years of hands-on experience in application security, penetration testing, or a related security engineering role.
• Strong understanding of common web, mobile, and API vulnerabilities (e.g., OWASP Top 10) along with practical remediation approaches.
• Experience with code reviews, design reviews, and threat modeling for modern application architectures.
• Familiarity with DevSecOps practices and integrating security tooling into CI/CD pipelines.
• Knowledge of authentication, authorization, session management, and cryptographic best practices.
• Proficiency in security tools such as Burp Suite, MobSF, Frida, or custom scripts for analysis.
• Basic understanding of cloud security principles with experience in GCP or AWS environments.
• Excellent communication skills for effective collaboration with Engineering, Product, and DevOps teams.
• Proactive mindset with a passion for solving complex problems and driving secure engineering practices.
• Ability to work independently and as a trusted team player in a fast-paced environment.

Nice to Have:

• Experience in Red Team exercises, managing bug bounty programs, or contributing to open-source security tools or research.

We encourage applications from candidates with diverse backgrounds and experiences to join our multicultural team and help create innovative products and services for our customers.