Mid - Senior Cybersecurity Engineer

About MONEYME:

MONEYME is a founder-led digital lender and Certified B Corporation™. We challenge the traditional ways of credit and simplify the borrowing experience with digital-first experiences that meet the needs of modern consumers. We offer a range of fast, flexible, and competitively priced products that span our customers’ credit lifecycle, including personal loans, credit cards, and car loans. We deliver unrivalled customer experiences powered by smart technology, speed and efficiency.

What we are looking for:

We are looking for a Mid - Senior Cybersecurity Engineer to deliver hands on technical security across MONEYME’s application, cloud, and delivery environments. This role is application security focused, with strong accountability for secure SDLC, CI/CD security, SAST, DAST, threat modelling, vulnerability remediation, and implementation of high-risk technical controls. You will identify weaknesses through analysis and testing, validate risk with evidence, and work directly with engineering teams to drive effective remediation.

The successful candidate will operate across the full application security lifecycle, applying purple teaming practices to continuously improve both preventive and detective controls. You will act as a technical point of contact across offensive and defensive security activities, translate realistic attack paths into remediation actions, validate control effectiveness through targeted testing, and produce defensible technical evidence that supports governance and audit requirements. You will partner closely with the Cybersecurity Lead, who owns overall security strategy.

Responsibilities for this position include:

Application security and vulnerability remediation

• Own application security across web, mobile, and API systems
• Identify and prioritize vulnerabilities using SAST, DAST, and threat modelling
• Assess findings against OWASP Top 10 and OWASP API Security risks
• Drive remediation with engineering teams and validate fixes
  
  

• Embed security into the software development lifecycle
• Conduct threat modelling during design and architecture
• Perform security reviews for new features and changes
  
  

• Integrate SAST, DAST, dependency, and container testing into CI CD pipelines
• Define risk based security gates and tune rulesets
  
  

• Assess high risk flows involving authentication, sensitive data, APIs, and third party integrations
• Identify risks in token handling, sessions, and API abuse
• Conduct targeted testing and validate defensive coverage
  
  

• Act as a technical escalation point during application, cloud, and platform security incidents
• Support detection tuning, logging quality, and threat hunting using application and cloud telemetry
• Validate security controls across applications, pipelines, cloud services, and identity components
• Support external scanning and remediation validation
  
  

• Bachelor’s degree in Information Security, Information Technology, or a related discipline
• Professional certifications such as CEH, OSCP or equivalent are highly regarded
• Equivalent practical experience may be considered in lieu of formal qualifications
• 3+ years of experience in cybersecurity engineering experience with strong focus on application security
• Demonstrated ownership of vulnerability remediation from discovery through validation
• Practical experience implementing and tuning SAST and DAST programs
• Strong familiarity with OWASP Top 10 and OWASP API Security Top 10
• Experience working directly with software engineers and platform teams
• Experience embedding security into the software development lifecycle
• Experience operating in regulated or high-risk environments
• Experience applying adversary driven or purple teaming techniques
  
  

• Strong understanding of web, mobile, and API security vulnerabilities and mitigations
• Hands on experience with SAST, DAST, and application security testing tools
• Ability to assess findings against OWASP risk categories and real-world exploitability
• Practical experience with threat modelling methodologies and secure design reviews
• Experience integrating security testing into CI CD pipelines
• Working knowledge of cloud security fundamentals including identity, network exposure, and workload protection
• Knowledge of secure secret handling, dependency management, and pipeline hardening
• Understanding of attacker techniques and MITRE ATT&CK
• Experience validating remediation and preventing vulnerability reintroduction
• Experience securing applications that process sensitive or regulated data
• Familiarity with Azure based environments or similar cloud platforms