Lead Application Security Engineer

Level: Senior / StaffThe Mission:

To act as the primary architect for the digital bank's secure coding lifecycle. You will lead the effort to integrate security tools into the development pipeline and personally threat-modelthe bank's most critical financial features.

Key Responsibilities: Threat Modeling: Lead design reviews for new banking features (Payments,Transfers, KYC). Identify logic flaws before code is written.

Pipeline Automation: Architect and maintain the SAST/DAST/SCA tooling in theCI/CD pipeline (e.g., SonarQube, Snyk, GitLab CI) to block vulnerabilities automatically.

Code Review: Perform manual code audits on high-risk components(Authentication, Ledger logic) in Java, Kotlin, or Swift.

Cloud & AI Patterns: Deliver API, container, cloud, and AI security designpatterns. Ensure that developers have paved roads (secure templates) for deploying microservices and AI models.

Culture: Act as a mentor to the development team, running secure coding workshopsand championing a Security Champion program.Technical Requirements:

5+ years in Application Security with a background in Software Development.

Proficiency in at least one core language: Java (Spring Boot), Node.js, or Go.

Deep understanding of OWASP Top 10 and SANS Top 25.

Experience with CI/CD integration (Jenkins, GitHub Actions).

Bonus: Experience in Fintech or Banking.