Secure the Future of Global Finance with Airwallex
Airwallex is revolutionizing global finance as the only unified payments and financial platform built for modern businesses. We empower over 150,000 businesses worldwide, including industry leaders like Brex, Rippling, Navan, Qantas, and SHEIN, with seamless solutions for business accounts, payments, spend management, treasury, and embedded finance – all at a global scale.
With a valuation of US$6.2 billion and the backing of top-tier investors like Visa, Airtree, Blackbird, Sequoia, and more, we're a diverse team of 1,700+ innovators across 26 global offices, shaping the future of payments. Ready to tackle ambitious challenges and make a real impact? Join us!
Senior Application Security Engineer: Your Mission
As a Senior Application Security Engineer, you'll be a critical player within our Security team, collaborating closely with product and engineering teams across the entire Airwallex ecosystem. Your mission? Fortify our platform, protect our business, and safeguard our 150,000+ customers.
You'll be instrumental in building and driving our application security program, empowering product and engineering teams to build and deploy rapidly without compromising security. From proactive vulnerability hunting to collaborating with engineers on preventative measures, you'll dive deep into the codebase, educate the broader business on security best practices, and champion a security-first culture.
What You'll Be Doing: Dive into the Details
Code Crusader: Review Airwallex platform and product code to identify security vulnerabilities, offering actionable solutions to engineers.
Risk Architect: Partner proactively with product and engineering teams to assess risk, providing expert guidance on secure code review and development best practices.
Security Evangelist: Champion security architecture best practices across the entire Product and Engineering organization, including secure configuration and deployment of new infrastructure and services.
Knowledge Sharer: Educate engineering and product teams on secure code and design principles, emphasizing the "why" behind best practices.
Application Guardian: Continuously test our applications, both internally and through external partnerships, to identify weaknesses.
Threat Hunter: Stay ahead of the curve by tracking the latest threats and attack techniques, assessing their potential impact on our platform.
Vendor Manager: Coordinate and manage third-party application security reviews and penetration tests.
Access Authority: Set and enforce standards for identity and access management across the platform.
Cloud Security Expert: Review our cloud provider usage, identify risk areas, and implement effective mitigation strategies.
What You'll Bring to the Table: Your Arsenal
Passion: A genuine passion for tackling the unique security challenges of high-growth startups.
Cloud Expertise: Hands-on experience with cloud platforms (we're a GCP shop).
Self-Starter Mentality: Intrinsic motivation and a drive to continuously learn and expand your skillset.
Attacker's Mindset: A deep understanding of common attacker tools, techniques, and how insecure development practices can be exploited.
Vulnerability Assessment Proficiency: Proven experience with vulnerability assessment tools.
Communication Mastery: Exceptional communication skills, capable of explaining complex technical security concepts to both technical and non-technical audiences.
Bonus Points: Experience with Kotlin, Typescript, NodeJS, and Kubernetes.
Even More Bonus Points: Relevant security certifications (GIAC, OSCP), a history of responsible disclosure, and/or active participation in bug bounty programs (HackerOne, etc.).
Thought Leadership: Published articles, journals, or blog posts related to cybersecurity.
Equal Opportunity Employer
Airwallex is an equal opportunity employer committed to diversity and inclusion. We evaluate applicants based on merit, qualifications, competence, and talent, without regard to race, religion, color, national origin, gender, sexual orientation, age, marital status, disability status, or any other legally protected characteristic. If you require accommodations due to a disability or special need, please let us know.
Airwallex does not accept unsolicited resumes from search firms/recruiters. Airwallex will not pay any fees to search firms/recruiters if a candidate is submitted by a search firm/recruiter unless an agreement has been entered into with respect to specific open position(s). Search firms/recruiters submitting resumes to Airwallex on an unsolicited basis shall be deemed to accept this condition, regardless of any other provision to the contrary.