What youll do:
Review and approve secure architecture designs for all developments for our customers, partners, integrators or in-house solutions, considering best practices, regulatory requirements and business objectives.
Assist in creating or researching for security solutions solving security challenges, both on-prem and in the cloud.
Collaborate with cross-functional teams (mainly R&D and DevOps/DevSecOps) to define security requirements and design robust security controls for systems, both on-prem and in the cloud.
Provide technical guidance and expertise to internal teams in selecting and integrating in-house solutions or third-party vendors.
Design and implement cloud security solutions, such as network security, identity and access management, data protection and encryption.
Stay up-to-date with the latest security technologies, threats, and trends, and provide recommendations for continuous improvement.
Serve as a subject matter expert on application security, providing guidance and mentorship to other teams in the company.
Who you are:
5+ years in Information Security
2+ years experience working as an Application Security Expert/Engineer/Architect or in a similar role.
Experience and in-depth understanding of CI/CD workflows and methodology (Azure DevOps is an advantage)
Strong knowledge of cloud computing platforms such as AWS, Azure, or Google Cloud, and their associated security services and features and deep understanding of cloud security principles and industry best practices.
Multi-task skills: ability to work on multiple projects in parallel, providing application security support for different teams and initiatives in the company.
Excellent communication and collaboration skills, with the ability to effectively convey complex security concepts to technical and non-technical stakeholders.
Advantage:
Bachelor's degree in Computer Science, Information Security, or a related field.
Hands-on experience with cloud security products such as Wiz, Aqua, etc.
Hands-on skills with Microsoft enterprise ecosystem, including Active Directory/Azure Entra ID, Office 365 APIs, Azure Cloud services.
Hands-on skills with AWS, Azure and GCP including work with API/SDK and CLI.
Strong knowledge and experience with Kubernetes platform and services.
knowledge and experience with Low-Code/No-Code security best practices and guidelines.
Experience in evaluating and selecting cloud security solutions from both in-house solutions and third-party vendors.
Relevant certifications (e.g., CCSP, AWS Certified Solutions Architect – Professional, Azure Solutions Architect Expert) are highly desirable.
Experience/familiarity (hands-on) with security tools integrated into our CI/CD and production environments such as SonarQube, Snyk, Aqua, etc.
Code review skills, mainly DotNet & Python.
Additional skills related to Secure Software Development Lifecycle (SSDLC) and Application Security (AppSec) further enhance the candidate's value. These skills may include risk assessments, threat modeling, vulnerability assessments or penetration testing and secure SDLC methodologies (such as Agile or DevSecOps).
Experience in fintech or financial services industry.
Familiarity with regulatory requirements and compliance standards in the financial industry, such as PCI DSS, PSD2 and GDPR.
