Application Security Engineer - SDLC

TransferWise is one the fastest growing companies in Europe and we’re on a mission: to make money without borders the new normal. We’ve got 8 million customers across the globe and we’re growing. Fast.

Current banking systems don’t let us send, spend or receive money across borders easily. Or quickly. Or cheaply.

So, we’re building a new one.

And, we’re looking for a Security Engineer with focus on AppSec to join our Security Operations team in Tallinn, who is responsible for the global security features of the TransferWise products.  

For our customers, using TransferWise should feel as simple as sending a text message. Yet behind our app and website lies a complex, one-of-a-kind engine of currencies and routes that’s being designed, built and powered by our talented teams in cities around the world. With new capabilities being built every day, there’s still a lot to figure out, and we can’t do it alone. This role is a unique opportunity to have an impact on TransferWise’s mission, grow as a product leader and help save millions more people money.  

The Security Operations Team is responsible for technical security concerns, security incident response lifecycle and AppSec across the company. We work together with product teams to minimize the amount of vulnerabilities introduced into Transferwise products. And we act as the first line of defence for attacks aimed against us internally or externally.   

Here’s how you’ll be contributing to the Engineering Team:

• Working closely with product engineers and finding new ways to protect our customer data and funds.
• Teaching engineers how to conduct threat modelling exercises and promoting good security engineering practices to our internal engineering community.
• Handling our bug-bounty program and external researchers to discover and fix existing problems in our products in collaboration with product engineers.
• Working on streamlining product vulnerability discovery and lifecycle management across engineering teams.

Is this you?

• Are passionate about Cybersecurity;
• Have worked within a production environment and understand the importance of CI;
• Have worked with pentesters, researchers and bug bounty programs;
• Are passionate about AppSec and everything around it;
• Experience with security tooling such as SAST, DAST and dependency scanning
• Have experience with Java stack or MVC frameworks to understand how our product and engineering works;
• Great communication and convincing skills and the ability to articulate complex technical concepts to other Wisers;
• Able to run your projects in collaboration with other teams and find the path for success;

Some extra skills that would be great:

• Software engineering experience;
• Application pentesting experience;
• Experience with conceiving and delivering theoretical and practical training sessions to engineers;
• Experience with microservice architecture;
• A basic understanding of statistics and Machine Learning;
• You know how to secure infrastructure in AWS;
• Understand how Scrum and Agile development works;
• You know are able to script and automate your work e.g. Python, Bash, Go

Interested? Find out more:

How we work – a practical guide

TransferWise Vlogs: Omar, Engineering Lead

Engineering team blog

Scaling our Infrastructure; how we make it work

We’re people without borders — without judgement or prejudice, too. We want to work with the best people, no matter their background. So if you’re passionate about learning new things and keen to join our mission, you’ll fit right in.

Also, qualifications aren’t that important to us. If you’ve got great experience, and you’re great at articulating your thinking, we’d like to hear from you.

And because we believe that diverse teams build better products, we’d especially love to hear from you if you’re from an under-represented demographic.

#LI-RJ1