Application Security Engineer

Why this role matters

Our Application Security team creates and maintains the safest application environment for our employees and customers, maintaining a security lifecycle for inhouse applications based on microservice architecture, written mainly on Python and Golang. Our Application security engineers work with a wide stack of application security automation, including self-developed systems, maintain WAF, bug-bounty program, and are involved in awareness activities.

You will identify existing and emerging security threats in inhouse applications services and create a protected environment. Together with a team of Application security engineers, you will maintain business continuity and regulatory compliance by fostering a security culture within the company. 

You will need a team player mindset and should be ready to collaborate with other departments to solve security-related issues. In this role, you will need to be passionate about keeping services safe and driven by opportunities to mitigate vulnerabilities and risks.

The role is based in our Limassol office, Cyprus. In case of relocation, we offer full relocation support for you and your family to make your move smooth and worry-free.

What you'll actually do

• Conduct security reviews of the architecture and code of new and existing in-house applications, including constant communication and coordination with development and ops teams.

• Support SDLC and Vulnerability management processes in development teams.

• Manage bug bounty program.

• Carry out the management of security incidents, including investigations and forensics.

• Maintain, improve, and work with internal automation, ASPM, SAST, SCA, DAST, WAF, and other security tools.

• Perform awareness training for developers.

Who we’re looking for

• 4 or more years of experience in Application Security or penetration testing. Or more than 5 years in other IT Security roles

• Strong background in development or penetration testing

• Knowledge of the most common technical and logical vulnerabilities and ways of protective measures to prevent them from being exploited. 

• Strong experience in exploiting web vulnerabilities, as well as keeping up to date with the latest exploitation techniques.    

• Experience in writing and reading code in at least one programming language

• Ability to leverage business communication skills to inform, convince, and educate employees to enable practical information security activities and processes

• English proficiency level - intermediate or higher

Nice to have:

• Understanding of microservice architecture, environment, and security measures

• Understanding of security aspects of virtualization, containerization (Docker), and cloud services (AWS)

• Any industry certifications

• Pet projects, researches in the information security area, talks at conferences

• CTF or Bug Bounty Experience ;)

What we offer along the way

• Competitive salary and annual performance bonus

• Full relocation support for you and your family — flights, housing, visas, and legal assistance included

• Top-tier health insurance with full family coverage — medical, dental, vision, mental health — plus life insurance for peace of mind

• Unlimited learning opportunities: external courses, English lessons, career and leadership development

• Education allowance covering school and kindergarten fees

• 21 working days of annual leave, plus public holidays and fully paid sick, maternity, and paternity leave

• Employee appreciation program: branded gifts, birthday day-offs, celebration budgets for weddings, newborns, and milestones

• “Get to know Team” trips — meet colleagues across our global hubs, along with company-wide offsites that raise the bar

• Employee share scheme — grow with us

• Branded MINI Cooper Countryman company car and private parking

• Free in-house sports clubs, Sanctum Club gym access, and jet skis

• Access to a Corporate doctor

• Exclusive discount program with cafes, gyms, and local services

• Expat tax perks: up to 50% income tax exemption

• Support with the naturalisation process for relocated employees

At Exness, we know that changing jobs - and changing countries - is a big step. That’s why relocation with Exness is different. We make it smooth, supported, and truly life-changing.

What your journey looks like

1. Interview with a Talent Acquisition Specialist (45 minutes)

2. Short online English test (for non-native speakers)

3. Technical interview (1,5 hours)

4. Final interview (1 hour) 

What it's like here

Curious about what working at Exness really looks like? Follow us on Instagram and LinkedIn.

We share the real Exness experience - our people, ideas, moments, and everything in between.