Exness, a leading foreign exchange broker in the financial services field, is looking to hire an experienced Application Security Engineer to join our Team in Limassol, Cyprus.
The position is a member of IT Security function with the objective to identify existing and emerging security threats and protect Exness Group of Companies from them, maintain business continuity and regulatory compliance in respective areas. The position is a member of Information Security Team reporting to IS Team Lead
- Work directly with the business units to facilitate building secure workflows, processes, systems and services.
- Maintain effective communication and coordination with Product Development and Operations teams in security-related areas.
- Ensuring that information assets and technologies are properly protected, which includes the following:
- Development and implementation of practice-driven security controls to software development related processes.
- Development of data protection measures in product to prevent its loss and misuse.
- Software and system design review from a security perspective at all stages of software development lifecycle.
- Consulting of software development teams in a security area.
- Management of security incidents from products side, building of reliable infrastructure for its investigation and forensics.
- Continuously develop security related processes in the software development area.
- Management and development of security education programs for Software Engineers, Architects, Product Managers.
- At least 3 years of practical experience in Application Security and overall 5 years of experience in the IT/Security area.
- Ability to leverage business communication skills to inform, convince, and educate software engineers to enable effective application security activities and processes.
- Deep knowledge of most common application level vulnerabilities, ways of exploitation and protective measures.
- Practical experience in web application security research.
- Hands-on experience with modern information protection systems, including open source products.
- Deep understanding of security aspects of virtualisation, containerisation and cloud services (AWS).
- Cryptography basics.
- Broad spectrum of technical knowledge in the following areas (the list is not exhaustive): Linux family, Docker, Kubernetes, AWS, Vault, git.
- Good knowledge of basic technologies and protocols (TLS, HTTP, Web Socket, DNS, OAuth2, OIDC etc.) and threats to them.
- Hands-on experience in development and/or automation.
- English language (Upper Intermediate or higher).
Would be a plus:
- Project management experience
- OSWE/CCTAPP certifications are a plus.
- Security Operations Center or penetration testing experience.
- Digital forensics experience.
- Team management skills are a plus.
- Well developed soft skills are a plus.
- Official employment in accordance with the laws of Cyprus and the EU, registration of family members;
- Medical insurance for employees and family members + Partial dental and optical compensation for employees;
- Corporate Mini Cooper CountryMan S for all relocated employees;
- Relocation package (visa, tickets, corporate flat for 1 month) for a successful candidate and his/her family;
- Learning and development opportunities: company supports continuous development of Employees providing trainings, workshops, conferences etc;
- Company fitness center for employees and their spouses + Partial compensation for any sport activities;
- English and Greek language classes;
- Kindergarten/school compensation program;
- The best view to the sea from our own rooftop bar.