Role Summary
We seek an Application Security Engineer to strengthen our Information Security Team by safeguarding the integrity of Haystack’s fast-expanding fintech platform and preserving the confidence our customers place in our systems.
You will collaborate closely with Engineering, DevOps, and Product teams to integrate security measures throughout the application lifecycle, from initial design to final deployment. Your responsibilities will include conducting penetration testing and managing vulnerabilities, as well as fostering a culture of secure development practices. As the dedicated security expert, you will ensure that security is a foundational element in all development initiatives.
Do you relish solving complex technical problems, safeguarding critical systems with enthusiasm, and working within a dynamic, team-driven setting? If so, this position is tailored to your strengths.
What You’ll Do
As an Application Security Engineer/Analyst, you will play a pivotal role in enhancing our security framework by collaborating closely with engineering and product teams. Your core duties will include:
Conduct comprehensive security assessments for web and mobile applications, as well as API security testing, to identify vulnerabilities and risks. Perform threat modeling to anticipate potential security threats, conduct secure code reviews to ensure adherence to best practices, and analyze the attack surface to determine exposure. Additionally, provide support for Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) initiatives to enhance overall security posture.
Assist with overseeing the vulnerability lifecycle by coordinating both internal and external security assessments, ensuring accurate scoping and adherence to deadlines. Monitor and document remediation efforts, providing timely updates on progress.
Integrate secure development practices throughout the Software Development Lifecycle (SDLC) by enforcing coding standards that prioritize security. Partner with developers, testers, and business analysts to deliver proactive security recommendations during sprint cycles. Establish and refine security frameworks, checklists, and guidelines in alignment with industry standards such as OWASP, NIST, and MITRE. Conduct DevOps testing and implement protective security controls to mitigate risks proactively.
Incident Response Support: Aid in the investigation and resolution of application security incidents, while contributing to post-incident analysis and the implementation of preventative measures.
Stay abreast of developments in cybersecurity, including trends, emerging threats, and attack methodologies. Proactively explore and propose cutting-edge security solutions for implementation. Continuously evaluate and refine processes to bolster the efficiency and efficacy of security assessments.
What You’ll Bring
Seeking candidates with a proven track record in the specified domain, possessing hands-on experience and a strong skill set aligned with the role’s demands. Applicants must demonstrate expertise in relevant tools, methodologies, and industry best practices to excel in the position. Essential qualifications include proficiency in key competencies, along with the ability to adapt to dynamic challenges and deliver measurable results. A commitment to continuous learning and professional development is highly valued.
With a minimum of three years of hands-on experience in application security, IT security, or software development with a security-focused approach, candidates should demonstrate a strong background in safeguarding systems and applications.
Proficiency in conducting penetration testing, executing vulnerability assessments, and performing secure code reviews is required.
Requires demonstrated expertise in Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and established threat modeling methodologies.
Proficiency in secure software development methodologies, including adherence to the OWASP Top 10 and CWE frameworks, is required.
Seeking candidates with practical development expertise or scripting proficiency in languages such as Python, JavaScript, or Bash.
Proficiency in web application security, API security, and cloud security principles, including practical experience with cloud platforms such as AWS, Azure, or GCP, is essential.
Proficiency in DevOps methodologies and the implementation of security within CI/CD pipelines is essential.
Proven ability to convey intricate security concepts with clarity, ensuring comprehension among both technical and non-technical stakeholders.
A collaborative mindset, complemented by the capacity to engage effectively across diverse functional teams, is essential.
Preferred Qualifications include a Bachelor’s degree in Computer Science, Engineering, or a related field, along with 3–5 years of relevant experience in software development or a similar technical role. Strong proficiency in programming languages such as Python, Java, or C++ is essential, as is familiarity with software development methodologies like Agile or Scrum. Candidates should demonstrate experience with cloud platforms such as AWS, Azure, or Google Cloud. Excellent problem-solving skills, effective communication abilities, and a proven track record of delivering high-quality software solutions are also required.
Education
A Bachelor’s degree in Computer Science, Information Security, Cybersecurity, Software Engineering, or a related technical discipline is required.
Professional candidates should possess formal academic training or independent study in key areas such as application security, cryptography, or secure software development methodologies.
With a proven track record in related roles, you bring hands-on experience that complements the core requirements of this position. Your background includes exposure to industry-relevant tools, methodologies, or environments, enabling you to contribute meaningfully from day one. Whether through internships, freelance work, or prior employment, you’ve developed skills that align with the demands of this opportunity, demonstrating adaptability and a commitment to professional growth.
Experience in either a development or DevOps setting is required.
Demonstrates a solid grasp of fintech compliance frameworks, including PCI DSS, ISO 27001, SOC 2, GDPR, and NDPR.
Possesses practical expertise in conducting security assessments for mobile applications, specifically on iOS and Android platforms.
Proficiency in the MITRE ATT&CK framework or comparable threat intelligence methodologies is required.
Individuals seeking to engage with bug bounty initiatives or CTF challenges are encouraged to apply, as these experiences provide valuable hands-on opportunities to identify and resolve security vulnerabilities. Familiarity with these programs or competitions is preferred, demonstrating practical expertise in cybersecurity and problem-solving skills.
Submit your application by following the outlined method specified in the job posting to ensure your materials are reviewed.
To submit your application, please utilize the provided link(s) on the company’s official website.
Qualifications
BA/BSc/HND
Experience Required
3 years