Mid - Senior Cybersecurity Engineer App Sec Focused

About MONEYME:

MONEYME is a founder-led digital lender and Certified B Corporation™. We challenge the traditional ways of credit and simplify the borrowing experience with digital-first experiences that meet the needs of modern consumers. We offer a range of fast, flexible, and competitively priced products that span our customers’ credit lifecycle, including personal loans, credit cards, and car loans. We deliver unrivalled customer experiences powered by smart technology, speed and efficiency.

We are for ambitious Australians that expect more from life and the companies they engage with. We uphold a strong ethos of sustainability and hold ourselves accountable to the high standards of the B Corp movement. Our culture is energetic and driven, and we continually challenge the status quo… we’re nothing like your traditional finance institution. We have recently been certified as a B Corp and a Great Place To Work. We’re proud to have built a culture where people feel heard, cared for, and empowered to push boundaries. We wouldn’t be able to continually improve and grow as a company without our diverse and exceptional team.

What we are looking for:

We are looking for a Mid - Senior Cybersecurity Engineer to deliver hands on technical security across MONEYMEs application, cloud and delivery environments. This role is application security focused, with strong accountability for secure SDLC, CI/CD security, SAST, DAST, threat modeling, vulnerability remediation, and implementation of high-risk technical controls. You will identify weaknesses through analysis and testing, validate risk with evidence, and work directly with engineering teams to drive effective remediation.

The successful candidate will operate across the full application security lifecycle, applying purple teaming practices to continuously improve both preventive and detective controls. You will act as a technical point of contact across offensive and defensive security activities, translate realistic attack paths into remediation actions, validate control effectiveness through targeted testing, and produce defensible technical evidence that supports governance and audit requirements. You will partner closely with the Information Security Lead, who owns the overall security strategy.

Responsibilities for this position include:

Application security and vulnerability remediation

• Own application security across web, mobile, and API systems.
• Identify and prioritize vulnerabilities using SAST, DAST, and threat modelling.
• Assess findings against OWASP Top 10 and OWASP API Security risks.
• Drive remediation with engineering teams and validate fixes.
  
  

Secure SDLC and threat modelling

• Embed security into the software development lifecycle.
• Conduct threat modelling during design and architecture and perform security reviews for new features and changes.
  
  

DevSecOps

• Integrate SAST, DAST, dependency, and container testing into CI CD pipelines.
• Identify risks in token handling, sessions, and API abuse and attack surface and purple teaming.
• Assess high risk flows involving authentication, sensitive data, APIs, and third-party integrations.
  
  

Blue team, cloud, and technical assurance

• Act as a technical escalation point during application, cloud, and platform security incidents
• Support detection tuning, logging quality, and threat hunting using application and cloud telemetry
• Validate security controls across applications, pipelines, cloud services, and identity components
• Support external scanning and remediation validation
  
  

To be successful in this role you must have the following:

• Bachelor’s degree in Information Security, Information Technology, or a related discipline
• Professional certifications such as CEH, OSCP or equivalent are highly regarded
• 3+ years of experience in cybersecurity engineering experience with strong focus on application security
• Demonstrated ownership of vulnerability remediation from discovery through validation
• Experience working directly with software engineers and platform teams
• Experience embedding security into the software development lifecycle
• Experience operating in regulated or high-risk environments
• Experience applying adversary driven or purple teaming techniques
  
  

Technical skills:

• Strong understanding of web, mobile, and API security vulnerabilities and mitigations
• Hands on experience with SAST, DAST, and application security testing tools
• Ability to assess findings against OWASP risk categories and real-world exploitability
• Practical experience with threat modelling methodologies and secure design reviews
• Experience integrating security testing into CI CD pipelines
• Working knowledge of cloud security fundamentals including identity, network exposure, and workload protection
• Knowledge of secure secret handling, dependency management, and pipeline hardening
• Understanding of attacker techniques and MITRE ATT&CK
• Experience validating remediation and preventing vulnerability reintroduction
• Experience securing applications that process sensitive or regulated data
• Familiarity with Azure based environments or similar cloud platforms
  
  

What’s in it for you:

MONEYME’s employees and culture are core to who we are. We know that without a high-performing and engaged Team MONEYME, we will not achieve our ambitious goals for the future. We are proud to offer a collaborative and fun work environment.

Some of the benefits & perks we offer for all our employees in Manila are:

• HMO on Day 1 + 1 free dependent
• 15 days of vacation leaves and 15 days of sick leave
• 1 birthday leave
• Health and wellbeing initiatives like weekly sports activities and MONEYME Olympics
• Fun filled company activities - summer outings, team building, team lunch or dinner, Halloween event, year-end party and so much more!
• Complimentary snacks in the office
• MONEYME Merchandise - hoodie, T-shirt, tumbler, notebook, and id lace
• Quarter champion awards & reward trips
  
  

At MONEYME we believe in rewarding hard work. When the business is winning, so are you and we’re always investing in our employees to lead new projects and develop people’s careers. We have quarterly awards, events, bonuses and more.

MONEYME Limited is an equal opportunity employer and we value diversity, equity, and inclusion. We are committed to creating a diverse and inclusive workplace and encourage applicants from all backgrounds to apply. We believe that the unique contribution of our employees is a key driver of our success. We stand together – our diversity and inclusion give us an edge.

---