
Application Security Engineer

Pontera, Herzliya | Tel Aviv District, Israel (Hybrid, Onsite)
This job is no longer open

Pontera is a fintech company on a mission to help people retire better. Our software platform enables retirement savers to get the help they need managing their 401(k) and other retirement plan accounts as part of a personalized strategy by their trusted financial advisor. 
Pontera is used by financial advisors across the nation, from SMB to Fortune 500 RIA firms, independent broker-dealers, plan custodians, and plan advisors. Backed by leading venture capital firms including ICONIQ Growth and Lightspeed Venture Partners, Pontera is built by talented individuals who share a dedication to helping people retire with greater security. Our team is fast-growing and driven to become one of the largest fintech companies in the world. Our culture is built on a people-first principle: in a complex and numbers-driven industry, we never lose sight of the people we serve and work alongside.

That’s where you come in. We are seeking a skilled Application Security Engineer to join our security team at Pontera, a rapidly growing fintech company pioneering innovative solutions in the financial technology space. This role encompasses a comprehensive scope of application security responsibilities, with a significant focus on web application and API security.

RESPONSIBILITIES


  • Managing vulnerabilities across our application, including identification, triaging, validation and mitigation, in collaboration with developers, product owners, and QA
  • Configuring and maintaining security testing tools integrated within the CI/CD pipeline
  • Facilitating pentests and bug bounty programs in partnership with external firms
  • Conducting secure development training to enhance team awareness and skills in security best practices
  • Collaborating with product teams to ensure security is integrated throughout the SDLC, focusing on product security from conception to deployment
  • Ensuring the security of web applications and APIs against common attack techniques
  • Developing strategies for the mitigation of potential security threats

REQUIREMENTS


  • 3-5 years of proven experience in application security
  • A collaborative team player with excellent problem-solving skills, able to work effectively across various teams and independently tackle challenges
  • Passionate about security, continuously seeking knowledge in the latest industry trends, and driven to handle complex issues with creative solutions and leadership
  • Profound knowledge and experience with OWASP guidelines are essential. The candidate must be well-versed in identifying, analyzing, and mitigating vulnerabilities in web application and API security.
  • Strong understanding and practical experience in defending against common attack vectors such as Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), SQL Injection, and others. The ability to not only recognize but effectively mitigate these threats is critical.
  • In-depth experience with SCA, SAST, Secrets scanning, DAST.
  • Familiarity with vulnerability rating techniques and models like CVSS, CWE, OWASP Risk Rating, and DREAD.
  • Strong understanding of Java, Angular, and SQL. While not required to write code, should be able to understand and review code for security vulnerabilities.
  • Proficiency in GitHub, Jira, and IntelliJ IDEA (or similar IDEs).
  • Experience with microservices architecture and container technologies like Docker and Kubernetes.
  • Strong proficiency in English, both written and verbal, is essential.
  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. In lieu of a formal degree, substantial experience in application security or a related area will be considered.
  • Preferred Certifications: Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), GIAC Web Application Penetration Tester (GWAPT), GIAC Secure Software Programmer - .NET/Java (GSSP), or other relevant certifications in the field of cybersecurity and ethical hacking.
  • Valuable Experience: Demonstrated experience in identifying and resolving security vulnerabilities. This can include a proven track record of filing CVEs, active participation in bug bounty programs, or achievements in CTF competitions.

WHAT WE OFFER


  • Opportunity: Have a major impact at a fast-growing startup that is revolutionizing the FinTech industry
  • Team Culture: A collegial, collaborative, fun work environment with frequent team events
  • Equity: All new hires are eligible for equity grant participation
  • Professional Development: Sponsored learning & development program
  • Work Flexibility: A hybrid office work model (In-Office Mon/Tues/Weds and WFH Sun/Thurs)



Life at Pontera

Pontera is a fintech company on a mission to be the bridge to a better retirement for millions of Americans. We do this by enabling financial advisors to manage, trade and report on individuals' 401(k)s, 403(b)s, and other held-away accounts. Pontera is a SOC 2 compliant platform trusted by advisors to ensure that client data is protected, and that the client retains ultimate control of their accounts. The platform is designed to seamlessly work across account types and integrate with leading portfolio management software. Founded in 2012 as FeeX, Pontera is headquartered in New York City and now serves thousands of advisors, including some of the largest RIA and Broker Dealer firms across the country. If you are interested in helping everyday people get the professional guidance they need to make the most out of their retirement savings, join us.

Thrive Here & What We Value

  1. People-first mentality
  2. Collaborative work environment
  3. Flexible work arrangement (hybrid office model)
  4. Comprehensive benefits package
  5. Equity grant participation
  6. Professional development opportunities
  7. Paid parental leave and family planning services
  8. Fully stocked kitchen and lunch reimbursement program
  9. Retirement plan with employer match
  10. Generous PTO days