This vacancy is archived
Updated 1 month ago
Application Security Engineer (Fintech)
20 200 - 29 100 PLN
Job description
TL;DR
Information Security Engineer (AppSec): Designing and building secure applications and systems by performing security assessments, penetration testing, and managing bug bounty programs, with an emphasis on secure architecture and threat modeling. Focus on integrating security into the SDLC, evaluating emerging threats, and collaborating with engineering teams to enhance detection and response capabilities.
Location: Remote in Poland, Porto, Portugal, Romania, Spain, UAE or onsite in Dubai, Krakow, Lisbon, Madrid.
Salary: Krakow/Poland: PLN20,200–PLN29,100 gross monthly.
Company
is building a global financial super app with products for spending, saving, investing, exchanging, and travel for over 70 million customers.
What you will do
- Perform security assessments on product designs, mobile apps, web applications, and APIs.
- Participate in Red Team missions and conduct penetration testing across applications, infrastructure, and APIs.
- Manage and evolve the private bug bounty program, validating submissions and ensuring timely resolution of findings.
- Contribute to cloud security posture, identifying misconfigurations and implementing best practices across GCP and AWS.
- Partner with engineering teams to embed security into the software development lifecycle, offering guidance on secure architecture and threat modelling.
- Develop and enforce internal AppSec standards, policies, and practices aligned with OWASP and NIST.
Requirements
- 3+ years of hands-on experience in application security or penetration testing.
- Solid understanding of common web, mobile, and API vulnerabilities (OWASP Top 10, CWE).
- Experience conducting code reviews, design reviews, and threat modelling for modern application architectures.
- Familiarity with DevSecOps practices and integrating security tooling into CI/CD pipelines.
- Working knowledge of authentication, authorisation, session management, and cryptographic best practices.
- Proficiency with security tools, such as Burp Suite, MobSF, Frida, or custom scripts.
- Basic understanding of cloud security principles and experience working with GCP or AWS environments.
- Great communication skills with the ability to collaborate effectively with Engineering, Product, and DevOps teams.
- Proactive mindset with a passion for solving complex problems and driving secure engineering practices.
Nice to have
- Experience participating in Red Team exercises, managing bug bounty programmes, or contributing to open-source security tools or research.
Culture & Benefits
- Certified as a Great Place to Work™.
- Diverse and inclusive multicultural team committed to a D&I Framework.
- Work on building great products, redefining success, and turning complexity into simplicity.
- Opportunities for continuous research and evaluation of emerging threats, tools, and technologies.
- Contribute to internal security training sessions, knowledge sharing, and mentoring of junior team members.
- Work independently while also being a trusted team player in a fast-paced environment.