Mid - Senior Cybersecurity Engineer at MONEYME
Pasig, Metro Manila, Philippines -
Full Time


Start Date

Immediate

Expiry Date

19 Mar, 26

Salary

0.0

Posted On

19 Dec, 25

Experience

2 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Application Security, Vulnerability Remediation, Secure SDLC, Threat Modelling, DevSecOps, SAST, DAST, OWASP, Cloud Security, Technical Controls, Incident Response, Threat Intelligence, Purple Teaming, Security Testing, Secure Coding Practices, Risk Assessment

Industry

Financial Services

Description
About MONEYME: MONEYME is a founder-led digital lender and Certified B Corporation™. We challenge the traditional ways of credit and simplify the borrowing experience with digital-first experiences that meet the needs of modern consumers. We offer a range of fast, flexible, and competitively priced products that span our customers’ credit lifecycle, including personal loans, credit cards, and car loans. We deliver unrivalled customer experiences powered by smart technology, speed and efficiency.

What we are looking for: We are looking for a Mid - Senior Cybersecurity Engineer to deliver hands-on technical security across MONEYME’s application, cloud, and delivery environments. This role is application security focused, with strong accountability for secure SDLC, CI/CD security, SAST, DAST, threat modelling, vulnerability remediation, and implementation of high-risk technical controls. You will identify weaknesses through analysis and testing, validate risk with evidence, and work directly with engineering teams to drive effective remediation.

The successful candidate will operate across the full application security lifecycle, applying purple teaming practices to continuously improve both preventive and detective controls. You will act as a technical point of contact across offensive and defensive security activities, translate realistic attack paths into remediation actions, validate control effectiveness through targeted testing, and produce defensible technical evidence that supports governance and audit requirements. You will partner closely with the Cybersecurity Lead, who owns overall security strategy.

Responsibilities for this position include:

Application security and vulnerability remediation
· Own application security across web, mobile, and API based systems
· Identify, validate, and prioritize application vulnerabilities using SAST, DAST, manual testing, and threat modelling
· Assess findings against OWASP Top 10 and API Security risks to determine impact and exploitability
· Drive remediation efforts by working directly with engineering teams through to closure
· Validate fixes and ensure vulnerabilities are fully resolved and not reintroduced
· Support risk-based decisions for vulnerabilities that cannot be immediately remediated

Secure SDLC and threat modelling
· Embed security controls into the software development lifecycle
· Conduct threat modelling during design and architecture stages
· Perform security reviews for new features, services, and significant changes
· Define and enforce application security requirements prior to release
· Provide practical guidance on secure coding practices aligned to OWASP recommendations

DevSecOps
· Integrate SAST, DAST, dependency, and container security testing into CI/CD pipelines
· Define and maintain risk-based security gates within delivery pipelines
· Tune SAST and DAST rulesets to reduce noise and focus on exploitable issues
· Review pipeline configurations for weaknesses such as secret handling, permissions, and unsafe build practices
· Partner with engineering teams to remediate pipeline and deployment security issues

Application attack surface and high-risk transaction flows
· Assess and secure complex application flows involving sensitive data and transactional processing
· Perform threat modelling for user journeys that include authentication, data capture, third party integrations, and externally exposed APIs
· Identify and mitigate risks related to client-side execution, token handling, session integrity, and API abuse
· Validate security controls for embedded third party functionality and externally facing application components
· Ensure logging, monitoring, and detection cover abuse scenarios impacting data integrity and customer trust

Targeted testing and purple teaming
· Conduct focused security testing to validate high risk attack paths across applications and supporting services
· Apply purple teaming techniques to verify that OWASP class vulnerabilities are detectable and defensible
· Act as a technical bridge between offensive testing activities and defensive control improvements
· Use threat intelligence and attack patterns to inform testing priorities and security improvements

Technical control assurance and platform security
· Implement and validate technical security controls across applications, delivery pipelines, and supporting platforms
· Provide technical input into the security of cloud services, identity controls, and network exposed components supporting application workloads
· Support external scanning, remediation validation, and technical evidence collection
· Produce technical artefacts that demonstrate control effectiveness during audits

Defensive and blue team enablement
· Act as a technical escalation point during security incidents involving applications, cloud services, or delivery platforms
· Support targeted threat hunting and detection tuning informed by application and infrastructure telemetry
· Collaborate with defensive teams to improve visibility, logging quality, and response effectiveness

To be successful in this role you must have the following:
· Bachelor’s degree in Information Security, Information Technology, or a related discipline
· Professional certifications such as CEH, OSCP or equivalent are highly regarded
· Equivalent practical experience may be considered in lieu of formal qualifications
· 3+ years of cybersecurity engineering experience with a strong focus on application security
· Demonstrated ownership of vulnerability remediation from discovery through validation
· Practical experience implementing and tuning SAST and DAST programs
· Strong familiarity with OWASP Top 10 and OWASP API Security Top 10
· Experience working directly with software engineers and platform teams
· Experience embedding security into the software development lifecycle
· Experience operating in regulated or high-risk environments
· Experience applying adversary driven or purple teaming techniques

Technical Skills:
· Strong understanding of web, mobile, and API security vulnerabilities and mitigations
· Hands-on experience with SAST, DAST, and application security testing tools
· Ability to assess findings against OWASP risk categories and real-world exploitability
· Practical experience with threat modelling methodologies and secure design reviews
· Experience integrating security testing into CI/CD pipelines
· Working knowledge of cloud security fundamentals including identity, network exposure, and workload protection
· Knowledge of secure secret handling, dependency management, and pipeline hardening
· Understanding of attacker techniques and MITRE ATT&CK
· Experience validating remediation and preventing vulnerability reintroduction
· Experience securing applications that process sensitive or regulated data
· Familiarity with Azure based environments or similar cloud platforms

Responsibilities
The Mid - Senior Cybersecurity Engineer will be responsible for application security and vulnerability remediation across web, mobile, and API systems. This includes driving remediation efforts, embedding security controls into the software development lifecycle, and conducting threat modelling.