Application Security Engineer

About Viva.com

Viva.com is a leading European cloud-based neobank, delivering the future of payments, now. With presence in 24 markets, it is the payment institution with the largest footprint in Europe. Viva.com’s mission is to change the way businesses pay and get paid, offering truly unifying, yet localized, end-to-end advanced digital payments solutions and embedded banking services tailored to their needs. An advocate for a sustainable cashless economy, the Organisation delivers digital payments services across three different time zones, in 17 languages and 9 currencies, featuring over 30 payment methods. Harnessing the power of revolutionary technologies, such as the viva.com | Terminal app and Smart Checkout payment gateway, Viva.com provides an omnichannel solution, that offers seamless, conversion-boosting and secure ways to process online and in-person transactions, streamlining business operations and enhancing the customer experience.

Learn more at viva.com

The Team

The Cybersecurity team is designated with the development and implementation of Viva’s cybersecurity strategy and cybersecurity architecture. Furthermore, the team ensures the improvement of the company’s security posture through a cross functional role with other departments along with the enhancement of the overall cybersecurity capabilities.

The Role

As member of the Cybersecurity team, the Application security engineer will be responsible for establishing security by design and implementing security standards, controls and best practices for application and product security. He/she will have a key role in the software development lifecycle (SDLC), ensuring that security is integrated at every stage (DevSecOps) with continuous improvement of the overall security of applications and products. The successful candidate is expected to collaborate across multiple workstreams and roles like software architects, developers, program management leads and engineering leads across the Technology Group.

Responsibilities

• Support and advise product and development teams, product managers, and third-party groups during design and development to ensure product and application security.
• Support technology functions in the implementation of technical measures to mitigate security risks.
• Perform regular application security assessments for potential vulnerabilities and non-compliance with security standards and work with development teams on remediation actions.
• Perform code reviews and dynamic testing. Generate actionable reports derived from testing activities and recommend remediation actions. · Perform threat modeling to identify potential threats in application or product by understanding the architecture, identifying potential attack vectors, and plan threat mitigation actions.
• Develop and oversee a recurring application security testing plan and support the preparation of critical and regular security releases.
• Provide guidance to developers on secure coding practices, develop security training and communicate the material with internal development teams.
• Responsible for integrating security tools and processes into the DevOps including automating security checks and scans during the development process. Management and evaluation of security testing tools.
• Coordinate with cross-functional teams to ensure alignment on security initiatives.
• Ensure compliance with security standards and regulatory requirements.

Requirements

• University degree in Computer science, Information technology, Systems engineering, or a qualification related to the fields of information security and information technology.
• Minimum three (3) years of working experience in cybersecurity with responsibilities such as application security reviews, application security testing, threat modeling and secure coding.
• Proficiency in programming languages, development or scripting experience and skills.
• Experience with vulnerability management, application penetration testing, application security, dynamic mobile app analysis, cryptography.
• Excellent knowledge of secure coding practices and experience in identifying security issues through code review.
• Experience with common security libraries, static and dynamic analysis tools, and penetration testing tools.
• Excellent knowledge of Azure environment.

Other skills

• Excellent and professional communication (written and verbal) and interpersonal skills.
• Excellent oral and written skills in English.
• Strong attention to detail with analytical and problem-solving skills.

Benefits

• Competitive Salary (based on experience);
• Annual bonus based on your performance and targets’ achievement;
• Top of the Line tools and equipment;
• Private health insurance for you and your family;
• Career development and regular feedback to develop your skills;
• A chance to grow within a stable, fast-moving European Fintech Company/Neobank.