Pepperstone
fintech
ApplicationSecurityEngineer
Neural analysis suggests this role is
optimal for Senior candidates.
“Application Security Engineer at Pepperstone. Skills: application security assessments, secure code reviews, penetration testing, CI/CD security integration, vulnerability management, secure coding practices, security-by-design, bug bounty programs, security training, cloud security principles. Perform application security assessments including threat modelling, secure code reviews, and penetration testing across web, mobile, and API surfaces. Partner with development teams to integrate security”
Industry & Context.
What They're Looking For.
Must Have
8+ years of experience in information security, at least 3 years specialising in application security or software security engineering, Solid understanding of common vulnerability classes including OWASP Top 10, business logic flaws, and API security risks, Hands-on experience with security testing tools such as Burp Suite, OWASP ZAP, Semgrep, Checkmarx, Snyk, or equivalent, Proficiency in at least one programming or scripting language (Python, JavaScript, Java, Go, or similar) to support code review and automation, Experience integrating security tooling into CI/CD pipelines (GitHub Actions, Jenkins, GitLab CI, or similar), Familiarity with cloud security principles across AWS, Azure, or GCP, particularly as they relate to application hosting and deployment, communication skills with the ability to articulate security risk to both technical and non-technical stakeholders
Nice to Have
Relevant certifications such as OSCP, GWEB, CEH, or equivalent are advantageous, Experience in a regulated financial services or fintech environment is a plus, Fluency in Hungarian language skills are an advantage
What You'll Do.
Perform application security assessments including threat modelling
and penetration testing across web
Partner with development teams to integrate security controls into CI/CD pipelines using SAST
and secrets detection tooling
and track vulnerabilities through to remediation
working closely with engineering teams to provide actionable guidance
Define and maintain application security standards
secure coding guidelines
and developer-facing security documentation
Champion security-by-design principles and provide hands-on guidance during the design and architecture phases of new features and products
Lead and support bug bounty and responsible disclosure programmes
coordinating triage and remediation of externally reported issues
Conduct security training and awareness sessions for software engineers
embedding secure development practices across teams
Evaluate third-party libraries
open-source components
and vendor integrations for security risk
Collaborate with the broader Security team on incident response activities related to application-layer vulnerabilities
How You'll Work.
Team & Collaboration
Partner with engineering and product teams to identify, assess, and remediate security vulnerabilities; Work closely with engineering teams to provide actionable guidance on vulnerability remediation; Collaborate with the broader Security team on incident response activities; Collaborate in a globally connected and inclusive environment
Communication Scope
articulate security risk to both technical and non-technical stakeholders
Full Job Description
The Pepperstone story started in 2010. We know what it’s like to trade the world’s markets. Our team describes us as a place for the curious and the driven, and we like to do things a little differently; as a transformative global fintech we’re digital, nimble, connected, and united in our vision to create a better way to trade. We thrive on progress – for our clients and for ourselves. Our organisational culture is ever-evolving, vibrant, diverse, global and results focused. You’ll find our **700+** team across **12** regions and **9** time zones. **The Role ** The Application Security Engineer exists to embed security throughout the software development lifecycle at Pepperstone. You will partner with engineering and product teams to identify, assess, and remediate security vulnerabilities in our applications and APIs, ensuring that security is a first-class citizen in every release. You will drive adoption of secure coding practices, conduct application security assessments, and help build a security-aware engineering culture across the organisation. This **position reports to Head of Product Security, Limassol, Cyprus**. Our team is made up of individuals from all walks of life, each bringing unique experiences and perspectives that enrich our work and culture. We truly value this diversity and are excited to welcome someone who is open-minded, adaptable, and enthusiastic about collaborating in a globally connected and inclusive environment. ** What You’ll Be Doing** * Perform application security assessments including threat modelling, secure code reviews, and penetration testing across web, mobile, and API surfaces. * Partner with development teams to integrate security controls into CI/CD pipelines using SAST, DAST, SCA, and secrets detection tooling. * Identify, triage, and track vulnerabilities through to remediation, working closely with engineering teams to provide actionable guidance. * Define and maintain application security standards, secure coding gui
Applying for this Application Security Engineer role?
Most applicants get filtered before a human reads their resume. See if yours makes the cut.
ANONYMOUS · UNFILTERED
What do employees actually say about Pepperstone?
Real rants from real employees. Read before you apply.