Associate Application Security Engineer
Here at Pleo, we're onboarding new customers with Sonic.gif speed, which is amazing don't get me wrong, but the larger we become, the bigger the temptation from cyber criminals. As you may already know, we are in the FinTech business, and we handle money for our customers. So this is not just about protecting a company from a password leak that allows malicious actors to post not-funny cat videos to your SoMe account - this is about directly protecting our customers' money. Well, this is where you (hopefully) come in!
This role focuses solely on the application security side. We are talking about both security of our application and ensuring our internal dev practices improve our product security maturity. What we're looking for is someone to be part of making all of this happen. Our ideal candidate is someone with coding knowledge, some familiarity with security tooling think Burp Suite and a strong passion or desire to learn more about the industry.
To give you a better idea, here are some tasks you might do as an Associate Application Security Engineer at Pleo.
There will be a lot of flexibility in this role depending on your interests and skills, but as an Associate you will most likely:
Your profile
We don't really care about certificates, degrees, and all that jazz. However, we won't penalise you for talking about your super relevant degree in information security computer science or showing off your brand new certifications. We also don't need you to have any industry experience in information security, and would of course love for you to tell us about any transferable experience that you think is relevant for the job.
Show me the benefits!
This role focuses solely on the application security side. We are talking about both security of our application and ensuring our internal dev practices improve our product security maturity. What we're looking for is someone to be part of making all of this happen. Our ideal candidate is someone with coding knowledge, some familiarity with security tooling think Burp Suite and a strong passion or desire to learn more about the industry.
To give you a better idea, here are some tasks you might do as an Associate Application Security Engineer at Pleo.
- Assist in dispatching managed Bug Bounty program findings to appropriate teams and follow up as directed
- Assist Senior team members on feedback to engineering teams during threat modelling sessions
- Work on scoped security tasks under supervision, including basic authentication, encryption, and partner integration tasks
- Assist in reviewing and understanding common security issues in code reported in our bug bounty program, and relay common best practices and guidance to developers
- Provide basic technical support to the GRC and DevOps team in developing and maintaining security automation in the CI/CD pipeline under the guidance of senior team members
There will be a lot of flexibility in this role depending on your interests and skills, but as an Associate you will most likely:
- Participate in threat modelling sessions suggesting mitigations to potential threats
- Assist technical security assessments on our web applications and mobile application
- Participate in projects while supporting a long-term security vision
- Continuously reflect on how we’ve aimed to balance automation in controls and processes against our defined data classifications while providing access and meeting the needs of the company
Your profile
- You recognize that communication is a core part of your job within application security
- You are pragmatic in your approach to security - and keen on learning the goldilocks principle. You’re starting to see that risk drives effort, effort drives cost, not the other way around
- You agree security isn’t simple, but about understanding complex systems and applying/recycling creative thinking to interesting problems
- You love learning new things and enjoy working with problem areas you aren't an expert in (yet) and keen to become one
- You are honest and unafraid to state things exactly like they are - acknowledging and communicating what's broken is the first step to fixing things.
Other Jobs You May Be Interested In
Remote Data Entry, No Experience, $40/hr, Part-TimeVirtual Assistant, $45/hr, Remote, No Experience, Night Job
Entry-Level Remote Data Entry, $50/hr, Evening Job
Customer Support, No Degree, $40/hr, Remote, Weekend Job
Remote Phone Job, $42/hr, Part-Time, College Student Friendly
Virtual Assistant, $40/hr, Remote, No Degree, Night Job
Part-Time Data Entry, $45/hr, Remote, College Student Friendly
Remote Moderator, No Degree, $50/hr, Evening, Weekend Job
Remote Customer Support, $42/hr, Night Job, No Experience
Live Chat Support, $40/hr, Remote, Entry Level, Part-Time
Virtual Assistant, Remote, $42/hr, Weekend, No Experience
Remote Data Entry, $45/hr, No Degree, Night Shift
Part-Time Customer Support, $40/hr, Remote, College Student
Remote Live Chat, $50/hr, Part-Time, Evening/Night Job
Entry Level Phone Job, $42/hr, Remote, No Degree Required
Weekend Data Entry, $45/hr, Remote, No Experience
Remote Virtual Assistant, $40/hr, Evening, Part-Time Job
Remote Moderator, $42/hr, Part-Time, Weekend, No Degree
Data Entry, $45/hr, Remote, Night Shift, College Student Job
Phone Support, Remote, $50/hr, No Experience, Part-Time
Virtual Assistant, No Experience, $42/hr, Remote, Weekend
Remote Customer Support, $45/hr, Part-Time, College Student
Data Entry, Remote, $40/hr, Night Shift, No Degree
Evening Virtual Assistant, Remote, $45/hr, No Experience
Weekend Customer Support, $42/hr, Remote, College Student
Remote Data Entry, $50/hr, No Experience, Evening/Night Job
Remote Live Chat, $40/hr, Part-Time, No Degree Required
Virtual Assistant, $42/hr, Remote, Weekend, Entry Level
Remote Phone Support, $45/hr, Evening, No Experience Required
Data Entry, No Experience, $50/hr, Remote, College Student
Remote Moderator, $40/hr, Weekend, No Degree, Part-Time
Live Chat Support, Remote, $42/hr, Night Shift, College Student
Phone Job, $50/hr, Remote, No Degree, Part-Time, Weekend
Data Entry, $45/hr, Remote, Evening, No Experience Required
- You can confidently read server-side languages (we mostly use Kotlin and TypeScript but we know you can learn new languages)
- You’ve read up on common security flaws and resolutions as published by OWASP, SANS, etc
- You have some experience in reviewing security issues during a code review
- You’re keen on understanding and gaining experience with common security libraries, and common security flaws
- You have played a bit with common web application testing tools (e.g., Burp Suite) and/or SCA/SAST tools
- Experience coding using Java or Kotlin and securing applications running on JVM
- Experience working in the industry with software development teams
- Experience with cloud services such as AWS, Azure and/or GCP services
We don't really care about certificates, degrees, and all that jazz. However, we won't penalise you for talking about your super relevant degree in information security computer science or showing off your brand new certifications. We also don't need you to have any industry experience in information security, and would of course love for you to tell us about any transferable experience that you think is relevant for the job.
Show me the benefits!
- Your own Pleo card (no more out-of-pocket spending!)
- Lunch is on us - with catering in our Lisbon, Copenhagen and London offices or a monthly lunch allowance paid directly together with your salary in other markets 🍜
- Private health insurance to ensure you’re fit in body and mind to do your best work
- We offer 25 days of holiday + your public holidays
- Flexibility/remote working options
- Option to purchase 5 additional days of holiday through a salary sacrifice
- We’re trialling MyndUp to give our employees access to free mental health and wellbeing support with great success so far ❤️🩹
- Access to LinkedIn Learning - acquire new skills, stay abreast of industry trends and fuel your personal and professional development continuously
- Paid parental leave - we want to make sure that we're supportive of families and help you feel that you don't have to compromise your family due to work 👶