Security Technical Lead

About Temenos

Temenos powers a world of banking that creates opportunities for billions of people and businesses everywhere. We have been doing this for over 30 years through the pioneering spirit of our Temenosians who are passionate about making banking better, together.

We serve over 3000 clients from the largest to challengers and community banks in 150+ countries. We collaborate with clients to build new banking services and state-of-the-art customer experiences on our open banking platform, helping them operate more sustainably.

At Temenos, we have an open-minded and inclusive culture, where everyone has the power to create their own destiny and make a positive contribution to the world of banking and society.

VALUES

Care About Transforming The Banking Landscape.

Commit to being part of an exciting culture and product evolving within the financial industry.

Collaborate effectively and proactively with teams within or outside Temenos.

Challenge yourself to be ambitious and achieve your individual as well as the company targets.

Position Summary

We are seeking an experienced robust Application Security Team Lead with strong hands-on expertise in penetration testing, secure code review, and software supply chain security, combined with the ability to mentor and guide a team member. This role is primarily technical with hands-on and will actively contribute to offensive security testing, design reviews, and remediation support across SaaS and enterprise applications and collaborating with development teams to enhance overall security posture.

Key Responsibilities

• Conduct end-to-end penetration testing of products across vertical
• Perform in-depth manual and automated security testing of web applications, APIs, Mobile application and backend components to uncover security flaws.
• Conduct secure source code reviews (Java, JavaScript, Python, .NET, Go, etc.)
• Identify business logic flaws, abuse cases, and complex attack chains
• Assess and mitigate software supply chain risks:
• Open-source dependency analysis
• Container & base image security
• Collaborate closely with product developers to triage, mitigate, and re-test identified vulnerabilities.
• Ensure product is secure from exploitable issues for both on-premises deployments and cloud-hosted SaaS environments.
• Continuously improve internal testing methodologies, tools, and documentation to keep pace with evolving threats.
• Engage with clients and collaborate with development teams to drive issue resolution.
• Leading the team and provide security pen test guidance to internal team members and participate in security design reviews and drive upskilling initiatives (advanced attacks, AI-assisted testing, new techniques)
  

• 8 - 10 years of experience in penetration testing, application security, or offensive security roles.
• OSCP or equivalent certification is a must
• Strong understanding of OWASP Top 10, CWE/SANS 25, network protocols and common attack vectors affecting modern applications.
• Ability to write custom exploitation scripts targeting web applications and automating repetitive tasks.
• Proven experience testing banking, fintech, or SaaS platform applications.
• Proficiency with security tools such as Burp Suite, OWASP ZAP, Kali, Nmap, and custom scripts.
• Familiarity with secure coding practices and development methodologies (Agile, DevSecOps) and Software Supply Chain Security
• Experience interpreting and analyzing source code, network configurations, and application logs to support test findings.
• Excellent verbal and written communication skills for engaging both technical and non-technical stakeholders.
• Experience working with cross-functional teams to enhance the overall security posture.
• Willingness to learn continuously and staying updated with the latest security trends, threats, and technologies.
  
  

• Burp Suite, ZAP, Nuclei
• SAST tools (Semgrep, CodeQL, Fortify, Checkmarx)
• Dependency & container scanners
• Docker, Kubernetes
  
  

• Certifications such as OCSP or relevant security certifications.
• SaaS relates such as Azure and AWS knowledge
• Familiarity with security frameworks and standards (e.g., NIST, OWASP, SANS, CIS Controls).
• Knowledge of regulatory requirements and compliance (e.g., GDPR, PSD2).
• Proficiency in scripting and automation for security tasks (e.g., Python, PowerShell).
  
  

• Maternity leave: Transition back with 3 days per week in the first month and 4 days per week in the second month
• Civil Partnership: 1 week of paid leave if youre getting married. This covers marriages and civil partnerships, including same sex/civil partnership
• Family care: 4 weeks of paid family care leave
• Recharge days: 4 days per year to use when you need to physically or mentally needed to recharge
• Study leaves: 2 weeks of paid leave each year for study or personal development