About the role
A leading global fintech company operating in the payments and digital assets sector is seeking a hands-on Security Engineer to take ownership of product security operations and strengthen its overall application security posture. This role is ideal for someone who thrives in fast-paced environments, enjoys solving complex security challenges, and takes accountability for outcomes from detection through remediation.
As one of the first dedicated hires within the security function, you will play a critical role in protecting customer-facing products against fraud, abuse, and emerging threats. Working closely with Engineering, Product, DevOps, Fraud, and senior leadership teams, you will drive security improvements, establish best practices, and help build a scalable security operations capability for the future.
Key Responsibilities:
Take ownership of security processes across critical product workflows and user journeys.
Detect, investigate, and respond to fraud attempts, abuse patterns, and security incidents.
Analyse logs, behaviours, and technical signals to identify suspicious activity and emerging threats.
Conduct threat modelling exercises and recommend security enhancements.
Collaborate with Product and Engineering teams to implement secure-by-design solutions.
Perform application security reviews and identify business logic vulnerabilities.
Support incident response activities, including attack reproduction, root cause analysis, and remediation planning.
Introduce secure development standards and promote application security best practices.
Develop and enhance security tooling, monitoring, detection, and automation capabilities.
Contribute to the evolution of the organisation's broader security operations framework.
Requirements:
Experience as a Security Engineer, Application Security Engineer, Security Operations Engineer, Penetration Tester, or Software Engineer with strong security expertise.
Strong background in application security and secure software development practices.
Proficiency in one or more backend technologies such as Python, Go, Node.js, Java, or PHP.
Deep understanding of OWASP Top 10, CWE categories, and business logic vulnerabilities.
Experience with threat modelling methodologies and secure architecture principles.
Hands-on experience with application security testing and vulnerability analysis.
Familiarity with SAST, DAST, or similar security assessment tools.
Experience supporting security incidents and conducting root cause investigations.
Understanding of cloud security concepts, AWS environments, and container security fundamentals.
Strong analytical thinking, communication skills, and the ability to work independently.
Preferred Experience:
DevSecOps and security automation initiatives.
API and microservices security best practices.
Cryptocurrency, fintech, payments, or other regulated industry experience.
Knowledge of MiCA, DORA, or related regulatory frameworks.
Experience with abuse detection, bot mitigation, and rate-limiting controls.
Infrastructure-as-Code security and CI/CD security tooling.
Ideal Candidate:
Demonstrates strong ownership and accountability.
Remains calm and effective during critical incidents.
Brings a structured and analytical approach to problem-solving.
Influences stakeholders through collaboration rather than authority.
Works effectively across Engineering, Product, Fraud, and Compliance teams.
Proactively identifies risks and drives improvements without waiting for direction.
Success Measures:
Improved visibility into product security risks and incidents.
Faster and more effective incident detection and response.
Reduction in fraud, abuse, and partner-related security issues.
Stronger collaboration between Security and cross-functional teams.
Enhanced application security maturity and sustainable security processes.


