Responsibilities
Secure Development Lifecycle (SDLC) Implementation
Design and implement secure software development practices Integrate security gates into CI/CD pipelines following DevSecOps principles Establish security quality gates and acceptance criteria Develop secure coding standards based on OWASP guidelines Create security architecture patterns and reference implementations
Security Code Reviews & Testing
Conduct in-depth security code reviews for critical features Implement automated security testing (SAST, DAST, IAST, SCA) Configure and tune security scanning tools (Aquasec, Trivy, Dependabot, etc) Review cryptographic implementations against industry standards Validate authentication and authorization implementations Ensurepliance with OWASP ASVS (Application Security Verification Standard)
Threat Modeling & Risk Assessment
Lead threat modeling sessions using STRIDE, PASTA, or similar frameworks Create threat models for new products and architectural changes Identify attack vectors specific to web and mobile platforms Develop abuse cases and security test scenarios Maintain threat intelligence for fintech-specific risks Document security requirements derived from threat models
Platform-Specific Security
Web Applications:Implement defenses against OWASP Top 10 vulnerabilitiesMobile Applications:Apply OWASP MASVS and platform-specific guidelines (iOS App Transport Security, Android Network Security Config)APIs:Implement API security best practices (rate limiting, authentication, input validation) Cross-platform session management and secure data storage
Security Tooling & Automation
Build and maintain security testing pipelines Integrate security tools with GitHub Actions Develop custom security linters and premit hooks Create automated vulnerability tracking and remediation workflows Implement secret scanning and dependency checking Build security dashboards and metrics reporting
Developer Enablement & Training
Create secure coding guidelines for different technology stacks Develop a security champions program aligned with OWASP SAMM Conduct security training on platform-specific vulnerabilities Provide hands-on guidance during security incidents Build internal security libraries and frameworks Create threat modeling templates and playbooks
Required Qualifications
Technical Expertise
5+ years of application security experience Strong programming skills in multiple languages (Python, JavaScript/TypeScript, Golang) Deep understanding of security vulnerabilities across web and mobile platforms Hands-on experience with security testing tools and methodologies Expertise in secure coding practices and design patterns Experience with modern development frameworks (React, Angular, ReactNative, Flutter)
Security Domain Knowledge
Expert knowledge of OWASP standards (Top 10, ASVS, SAMM, MASVS) Understanding of cryptographic principles and secure implementations Experience with threat modeling methodologies Knowledge of authentication standards (OAuth2, OIDC, WebAuthn) Familiarity with PCI-DSS, PSD2, and Strong Customer Authentication requirements Understanding of cloud-native security patterns
Code Review & Analysis Skills
Ability to identify security vulnerabilities through manual code review Experience with static and dynamic analysis tools Understanding ofmon vulnerability patterns across languages Knowledge of secure architecture patterns and anti-patterns Ability to provide actionable remediation guidance
Professional Requirements
Experience in financial services or high-security environments Strongmunication skills to explain security risks to developers Ability to balance security requirements with development velocity Collaborative approach to working with engineering teams Technical writing skills for documentation and guidelines
Preferred Qualifications
Experience with payment systems and transaction security Knowledge of mobile app protection Experience building security champions programs Background in penetration testing or security research
Key Projects & Initiatives
You'll lead critical security initiatives, including:
Building threat modeling practice for all products Establishing automated security testing in CI/CD pipelines Creating platform-specific security standards and libraries Developing a security training curriculum for 200+ developers
What We Offer
Direct impact on the security of products used by thousands of businesses Work with cutting-edge fintech products across multiple platforms Collaborate with talented engineers across 25+ countries Modern security tooling and testing infrastructure Investment in professional development and certifications Clear progression path to Staff/Principal roles
#LI-AT1
#HYBRID
About Us
Ebury is a FinTech success story, positioned among the fastest-growing internationalpanies in its sector.
Founded in 2009, we are headquartered in London and have more than 1700 staff with a presence in more than 29 markets worldwide. Cultural diversity is part of what makes Ebury a special place to be. From Sao Paulo to Dubai, Vancouver to Auckland, we enjoy sharing team experiences and celebrating success across the Ebury family.
Hard work pays off: in 2019, Ebury received a £350 million investment from Banco Santander and has won internationally recognised awards including Financial Times: 1000 Europe's Fastest-Growingpanies.
None of this would have been possible without our proudest achievement: our great people. Enthusiastic, innovative and collaborative teams, always ready to disrupt and revolutionise the fast-paced FinTech sector.
At Ebury, we'remitted to building a workplace where everyone feels valued, supported, and empowered to thrive. We're proud to have active employee networks and ESG initiatives that reflect our inclusive culture, including ourWomen's Network,LGBTQIA+ Network, andVeterans Network. Thesemunities provide spaces for connection, mentorship, advocacy, and collaboration across our global teams.
We believe in inclusion. We stand against discrimination in all forms and have no tolerance for the intolerance of differences that makes us a modern and successful organisation. At Ebury, you can be whoever you want to be and still feel a sense of belonging no matter your story because we want you and your uniqueness to help write our future.
Please submit your application on the careers website directly, uploading your CV / resume in English. Job ID 4643965101
