Mid - Senior Cybersecurity Engineer at MONEYME

Pasig, Metro Manila, Philippines -

Full Time

Start Date

Immediate

Expiry Date

19 Mar, 26

Salary

0.0

Posted On

19 Dec, 25

Experience

2 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Application Security, Vulnerability Remediation, Secure SDLC, Threat Modelling, DevSecOps, SAST, DAST, Cloud Security, OWASP, Technical Control Assurance, Incident Response, Threat Hunting, Communication, Problem Solving, Continuous Learning, Team Collaboration

Industry

Financial Services

Description

About MONEYME: MONEYME is a founder-led digital lender and Certified B Corporation™. We challenge the traditional ways of credit and simplify the borrowing experience with digital-first experiences that meet the needs of modern consumers. We offer a range of fast, flexible, and competitively priced products that span our customers’ credit lifecycle, including personal loans, credit cards, and car loans. We deliver unrivalled customer experiences powered by smart technology, speed and efficiency. We are for ambitious Australians that expect more from life and the companies they engage with. We uphold a strong ethos of sustainability and hold ourselves accountable to the high standards of the B Corp movement. Our culture is energetic and driven, and we continually challenge the status quo… we’re nothing like your traditional finance institution. We have recently been certified as a B Corp and a Great Place To Work. We’re proud to have built a culture where people feel heard, cared for, and empowered to push boundaries. We wouldn’t be able to continually improve and grow as a company without our diverse and exceptional team. What we are looking for: We are looking for a Mid - Senior Cybersecurity Engineer to deliver hands on technical security across MONEYME’s application, cloud, and delivery environments. This role is application security focused, with strong accountability for secure SDLC, CI/CD security, SAST, DAST, threat modelling, vulnerability remediation, and implementation of high-risk technical controls. You will identify weaknesses through analysis and testing, validate risk with evidence, and work directly with engineering teams to drive effective remediation. The successful candidate will operate across the full application security lifecycle, applying purple teaming practices to continuously improve both preventive and detective controls. You will act as a technical point of contact across offensive and defensive security activities, translate realistic attack paths into remediation actions, validate control effectiveness through targeted testing, and produce defensible technical evidence that supports governance and audit requirements. You will partner closely with the Cybersecurity Lead, who owns overall security strategy. Responsibilities for this position include: Application security and vulnerability remediation · Own application security across web, mobile, and API based systems · Identify, validate, and prioritize application vulnerabilities using SAST, DAST, manual testing, and threat modelling · Assess findings against OWASP Top 10 and API Security risks to determine impact and exploitability · Drive remediation efforts by working directly with engineering teams through to closure · Validate fixes and ensure vulnerabilities are fully resolved and not reintroduced · Support risk-based decisions for vulnerabilities that cannot be immediately remediated Secure SDLC and threat modelling · Embed security controls into the software development lifecycle · Conduct threat modelling during design and architecture stages · Perform security reviews for new features, services, and significant changes · Define and enforce application security requirements prior to release · Provide practical guidance on secure coding practices aligned to OWASP recommendations DevSecOps · Integrate SAST, DAST, dependency, and container security testing into CI CD pipelines · Define and maintain risk-based security gates within delivery pipelines · Tune SAST and DAST rulesets to reduce noise and focus on exploitable issues · Review pipeline configurations for weaknesses such as secret handling, permissions, and unsafe build practices · Partner with engineering teams to remediate pipeline and deployment security issues Application attack surface and high-risk transaction flows · Assess and secure complex application flows involving sensitive data and transactional processing · Perform threat modelling for user journeys that include authentication, data capture, third party integrations, and externally exposed APIs · Identify and mitigate risks related to client-side execution, token handling, session integrity, and API abuse · Validate security controls for embedded third party functionality and externally facing application components · Ensure logging, monitoring, and detection cover abuse scenarios impacting data integrity and customer trust Targeted testing and purple teaming · Conduct focused security testing to validate high risk attack paths across applications and supporting services · Apply purple teaming techniques to verify that OWASP class vulnerabilities are detectable and defensible · Act as a technical bridge between offensive testing activities and defensive control improvements · Use threat intelligence and attack patterns to inform testing priorities and security improvements Technical control assurance and platform security · Implement and validate technical security controls across applications, delivery pipelines, and supporting platforms · Provide technical input into the security of cloud services, identity controls, and network exposed components supporting application workloads · Support external scanning, remediation validation, and technical evidence collection · Produce technical artefacts that demonstrate control effectiveness during audits Defensive and blue team enablement · Act as a technical escalation point during security incidents involving applications, cloud services, or delivery platforms · Support targeted threat hunting and detection tuning informed by application and infrastructure telemetry · Collaborate with defensive teams to improve visibility, logging quality, and response effectiveness To be successful in this role you must have the following: · Bachelor’s degree in Information Security, Information Technology, or a related discipline · Professional certifications such as CEH, OSCP or equivalent are highly regarded · Equivalent practical experience may be considered in lieu of formal qualifications · 3+ years of experience in cybersecurity engineering experience with strong focus on application security · Demonstrated ownership of vulnerability remediation from discovery through validation · Practical experience implementing and tuning SAST and DAST programs · Strong familiarity with OWASP Top 10 and OWASP API Security Top 10 · Experience working directly with software engineers and platform teams · Experience embedding security into the software development lifecycle · Experience operating in regulated or high-risk environments · Experience applying adversary driven or purple teaming techniques Technical Skills: · Strong understanding of web, mobile, and API security vulnerabilities and mitigations · Hands on experience with SAST, DAST, and application security testing tools · Ability to assess findings against OWASP risk categories and real-world exploitability · Practical experience with threat modelling methodologies and secure design reviews · Experience integrating security testing into CI CD pipelines · Working knowledge of cloud security fundamentals including identity, network exposure, and workload protection · Knowledge of secure secret handling, dependency management, and pipeline hardening · Understanding of attacker techniques and MITRE ATT&CK · Experience validating remediation and preventing vulnerability reintroduction · Experience securing applications that process sensitive or regulated data · Familiarity with Azure based environments or similar cloud platforms Soft Skills: · Clear and effective communicator with engineering, offensive, and defensive security teams · Comfortable challenging design decisions while remaining solution oriented · Strong ownership mindset focused on outcomes rather than findings · Ability to prioritise remediation based on risk and impact · Calm and methodical approach during production issues or security incidents Continuous Learning: · Commitment to staying current with application security threats, OWASP guidance, and evolving attack techniques · Participation in professional development activities such as training, certifications, or security communities What’s in it for you: MONEYME’s employees and culture are core to who we are. We know that without a high-performing and engaged Team MONEYME, we will not achieve our ambitious goals for the future. We are proud to offer a collaborative and fun work environment. Some of the benefits & perks we offer for all our employees in Manila are: HMO on Day 1 + 1 free dependent 15 days of vacation leaves and 15 days of sick leave 1 birthday leave Health and wellbeing initiatives like weekly sports activities and MONEYME Olympics Fun filled company activities - summer outings, team building, team lunch or dinner, Halloween event, year-end party and so much more! Complimentary snacks in the office MONEYME Merchandise - hoodie, T-shirt, tumbler, notebook, and id lace Quarter champion awards & reward trips At MONEYME we believe in rewarding hard work. When the business is winning, so are you and we’re always investing in our employees to lead new projects and develop people’s careers. We have quarterly awards, events, bonuses and more. MONEYME Limited is an equal opportunity employer and we value diversity, equity, and inclusion. We are committed to creating a diverse and inclusive workplace and encourage applicants from all backgrounds to apply. We believe that the unique contribution of our employees is a key driver of our success. We stand together – our diversity and inclusion give us an edge.

Responsibilities

The Mid - Senior Cybersecurity Engineer will focus on application security, vulnerability remediation, and secure SDLC practices. They will work closely with engineering teams to identify and remediate vulnerabilities while ensuring security controls are integrated into the development lifecycle.