AppSec Engineer (Fintech)

TL;DR

AppSec Engineer (Fintech): Design, implement, and operate the Secure Software Development Lifecycle (SSDLC) end to end for web, mobile, API, and AI-enabled services with an accent on embedding security requirements, threat modeling, testing, and vulnerability management. Focus on achieving high coverage of critical flows, reducing post-release vulnerabilities, and integrating automated testing into CI/CD pipelines.

Colombia-based company serving local market

Company

Leading Buy Now, Pay Later financial platform in Colombia, providing banking and commerce services to millions of customers and thousands of merchants, backed by world-class investors.

What you will do

• Design and implement standardized SSDLC across services, targeting ≥90% coverage of critical flows and ≥50% team adoption by end of 2026.
• Establish threat modeling for new and high-risk applications using frameworks like STRIDE, ensuring ≥60% of critical services have documented models.
• Own end-to-end vulnerability management, remediating ≥70% of critical issues within SLAs.
• Implement automated security testing (SAST, DAST, secrets, dependencies, mobile) in CI/CD, achieving ≥80% coverage.
• Plan and manage security assessments, penetration tests, and adversarial exercises for critical applications.

Requirements

• Hands-on experience with appsec tools like Burp Suite, MobSF, trufflehog, Nuclei, SAST, DAST, mobile testing; tune for low false positives and CI/CD integration.
• Expertise in threat modeling (DREAD, PASTA, STRIDE), OWASP Top 10, API/mobile/web/AI risks; translate to security requirements.
• Strong vulnerability management skills, prioritization by impact, collaboration with engineering for remediation.
• 3+ years coordinating pentests, assessments, red team exercises; root cause analysis and tracking.
• Hands-on development in Java or Python; cross-functional collaboration and developer enablement.

Culture & Benefits

• Work on impactful fintech problems redefining payments and banking in Colombia.
• High-growth environment with influence on technology, strategy, and culture.
• World-class team emphasizing excellence, ownership, collaboration.
• Competitive salary, equity, and comprehensive benefits.

Hiring process

• People Interview (30 min) with recruiter/hiring manager.
• Initial Interview (60 min) with Head of Cybersecurity.
• Deep Dive Interview (60 min) with team members.
• Case Study (3-5 days) on real-world challenge.
• Co-Founder Interview for final alignment.