TL;DR
Application Security Engineer (FinTech): Embedding security into the software development lifecycle and protecting customer-facing and internal applications from vulnerabilities and abuse, with an emphasis on secure SDLC ownership, security tooling, threat modeling, and security testing. Focus on building repeatable practices for fast feature delivery while maintaining a strong security posture and close cooperation with development, product, and cloud/infrastructure teams.
Location: Hybrid model in Limassol, Cyprus (3 days in the office, 2 days from home).
Company
hirify.global is a global leader in trading with over 15 years of success, focused on financial technology innovation.
What you will do
- Define and maintain the secure software development lifecycle, introducing security requirements and checkpoints.
- Take operational ownership of automated application security tooling (SAST, SCA, DAST) and integrate it into CI/CD pipelines.
- Lead threat modeling sessions and perform security-focused design reviews for new applications and changes.
- Define and maintain API and web application security standards, collaborating on runtime protections.
- Plan and coordinate internal and external application security testing, tracking remediation activities.
- Create secure coding guidelines, deliver training, and foster a community of security-minded engineers.
Requirements
- Professional experience in application or product security with significant interaction with software engineering teams.
- Practical background in at least one modern application stack and familiarity with common web and API architectures.
- Hands-on experience with secure SDLC practices, automated security testing, dependency management, and threat modeling.
- Strong understanding of common web, API, and mobile security risks and relevant industry references and standards (e.g., OWASP Top 10).
- Ability to read and reason about code in at least one of the main languages used internally and to give actionable guidance.
- Strong communication skills to translate complex security topics into clear, practical guidance for engineers and product stakeholders.
Nice to have
- Degree in Computer Science, Information Security, Engineering, or a related discipline, or equivalent practical experience.
- Relevant security or application-focused certifications (e.g., CISSP, OSCP, CSSLP).
- Interest in staying current with emerging application security threats, techniques, and defensive practices.
Culture & Benefits
- Competitive pay reflecting skills and experience, with ongoing learning and clear paths to advancement.
- Work-life balance with 22 days of annual leave and 12 paid sick days.
- Full medical insurance coverage after 6 months and access to a provident fund.
- Fully stocked kitchen with fresh fruit, snacks, and beverages, plus a delicious daily lunch buffet.
- Paid overtime, dedicated budgets for learning and development, and referral bonuses.
- Team events, team-building activities, gym facilities, organized sports, and relaxing spa treatments.
- Enjoy a relaxed Friday drink with colleagues to close the week on a high note.