Application Security Engineer at Fluent Trade Technologies

Warsaw, Masovian Voivodeship, Poland -

Full Time

Start Date

Immediate

Expiry Date

11 Aug, 26

Salary

0.0

Posted On

13 May, 26

Experience

2 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

SAST, DAST, SCA, Penetration Testing, Secure Code Review, C++, Java, Python, OWASP Top 10, API Security, Threat Modeling, CI/CD Pipelines, Vulnerability Triage, OAuth2, JWT, SAML

Industry

Software Development

Description

Fluent Trade Technologies is a global Fintech leader, providing high-performance technology to the world’s largest banks and brokers. We specialize in ultra-low latency solutions and market data, operating R&D centers in Jerusalem alongside global development and sales hubs across Europe, Asia and the US. We are seeking a skilled Mid-Level Application Security Engineer to join our growing security team. In this role, you will be responsible for embedding security throughout the software development lifecycle — from design reviews to automated testing pipelines. This is a hands-on technical role that requires both a strong engineering mindset and practical AppSec expertise. Key Responsibilities Own and operate SAST, DAST, and SCA tools (Checkmarx, Veracode, Semgrep, Snyk, or equivalents) across CI/CD pipelines. Conduct manual and automated application security testing on web, API, and desktop trading components. Triage, validate, and prioritize vulnerability findings; work with developers on remediation plans and track to closure. Build and maintain automation scripts and integrations to scale security testing across teams (Python, bash, or equivalent). Perform security design reviews for new features, architectures, and third-party integrations. Conduct secure code reviews across C++, Java, and Python codebases, providing actionable, developer-friendly feedback. Plan and execute web application penetration tests against internal and customer-facing applications, APIs, and trading interfaces. Simulate real-world attack scenarios including injection attacks, authentication bypass, business logic flaws, and session manipulation. Requirements 3–6 years of hands-on application security or software security engineering experience. Proven experience running SAST and DAST tools in enterprise environments (Checkmarx / CxOne, Fortify, Veracode, or equivalent). Proficiency in C++, Java, and Python — ability to read, understand, and review code for security flaws. Hands-on experience performing web application penetration tests with documented findings and reports. Ability to write scripts and tooling to automate security tasks and integrate with APIs. Strong understanding of OWASP Top 10, CWE, CVE, and common exploit patterns in financial/trading software Familiarity with REST APIs, authentication mechanisms (OAuth2, JWT, SAML), and secure communication patterns. Preferred Qualifications Experience in fintech, capital markets, or trading platform environments (strong advantage). Familiarity with cloud security (AWS, Azure, GCP) and containerized environments (Docker, Kubernetes). Knowledge of ISO 27001 or SOC 2 compliance requirements as they relate to application security. Certifications: CSSLP, GWEB, CEH, OSCP, or similar. Experience with threat modeling methodologies such as STRIDE or PASTA

Responsibilities

Embed security throughout the software development lifecycle by managing SAST, DAST, and SCA tools within CI/CD pipelines. Perform security design reviews, secure code reviews, and penetration tests on web, API, and desktop trading components.