Application Security Engineer

About Payoneer

Founded in 2005, Payoneer is the global financial platform that removes friction from doing business across borders, with a mission to connect the world’s underserved businesses to a rising global economy. We’re a community with over 2,500 colleagues all over the world, working to serve customers, and partners in over 190 countries and territories.

By taking the complexity out of the financial workflows–including everything from global payments and compliance to multi-currency and workforce management, to providing working capital and business intelligence–we give businesses the tools they need to work efficiently worldwide and grow with confidence.

Position Overview: We are seeking an Application Security engineer to join our Cyber Team in Payoneer. In your role, you will be responsible for overall Application Security standards, guidelines, and requirements for the WFM organization (formally known as Skuad, acquired by Payoneer), aligning them to the Payoneer global application security policies and standards. Your expertise in secure architecture, design, and SSDLC will play a crucial role in ensuring the security of our products and the protection of our sensitive data. In addition, you will be serving as a Cyber Operations representative within your organization, helping the Payoneer global cyber security team in the overall policies and methodologies within your organization.

Responsibilities:

Secure SDLC Leadership: Lead and manage all aspects of the SSDLC, driving "shift-left" initiatives and secure-by-design principles to identify and remediate risks early in the development cycle.

Risk Assessment & Threat Modeling: Perform design reviews and threat modeling for product environments and third-party integrations, aligning security with business objectives and regulatory requirements, while training and empowering R&D teams to conduct their own threat modeling to ensure security is built-in from the start.

Security Controls Ownership: Oversee the implementation and management of security tools, scan policies, and vulnerability management processes to ensure consistent enforcement across the organization.

Offensive Security Management: Own the third-party penetration testing program and manage the bug bounty lifecycle, including vendor engagement, scheduling, and the validation and triage of findings.

Organizational Alignment: Partner with the Payoneer global Application Security and Cyber Operations teams to align local security posture with corporate policies and controls.

Subject Matter Expertise: Serve as a technical authority and mentor on application security, providing guidance to internal teams on selecting and integrating security solutions.

Incident Response & Infrastructure: Lead cybersecurity incident handling in production environments while enhancing cloud infrastructure security posture at scale.

Requirements:

• 3+ years of experience in security architecture, software development, or cloud security, including at least 1 year in a leadership or senior advisory role.

• Deep hands-on experience with secure coding, application architecture, security automation, and threat modeling, including the ability to train R&D teams in performing their own assessments.

• Strong proficiency in Google Cloud Platform (GCP) or other major public clouds, with a comprehensive understanding of cloud-native security services and principles.

• In-depth knowledge of OWASP Top 10, ASVS, and industry-standard secure software development frameworks.

• Solid understanding of networking fundamentals, including TCP/IP, firewalls, VPNs, and proxy servers.

• Proven ability to interpret and prioritize results from penetration testing and bug bounty programs; hands-on pentesting experience is a significant plus.

• Excellent verbal and written English skills, with the ability to convey complex security concepts to both technical and non-technical stakeholders.

• Ability to manage multiple parallel initiatives while providing consistent AppSec support and constructively challenging architectural assumptions across teams.

Advantages:

• Bachelor's degree in Computer Science, Information Security, or a related field.

• Professional security certifications such as CISSP, CISM, CCSP, or OSCP.

• Hands-on experience with Google Cloud Platform (GCP) security services and best practices.

• Experience with cloud security posture management and protection platforms like Wiz, Aqua, or similar tools.

• Strong knowledge of Kubernetes architecture, container security, and orchestration services.

• Hands-on experience integrating security tools into CI/CD pipelines and production environments (SAST, SCA, DAST, etc.).

• Experience within the fintech or financial services industry, as well as financial regulatory requirements and compliance standards, including PCI DSS, PSD2, and GDPR.

#LI-AK1

The Payoneer Ways of Working

Act as our customer’s partner on the inside
Learning what they need and creating what will help them go further.

Do it. Own it.
Being fearlessly accountable in everything we do.

Continuously improve
Always striving for a higher standard than our last.

Build each other up
Helping each other grow, as professionals and people.

If this sounds like a business, a community, and a mission you want to be part of, apply today.

We are committed to providing a diverse and inclusive workplace. Payoneer is an equal opportunity employer, and all qualified applicants will receive consideration for employment no matter your race, color, ancestry, religion, sex, sexual orientation, gender identity, national origin, age, disability status, protected veteran status, or any other characteristic protected by law. If you require reasonable accommodation at any stage of the hiring process, please speak to the recruiter managing the role for any adjustments. Decisions about requests for reasonable accommodation are made on a case-by-case basis.