Application Security Engineer

Description

Fluent Trade Technologies is a global Fintech leader, providing high-performance technology to the world’s largest banks and brokers. We specialize in ultra-low latency solutions and market data, operating R&D centers in Jerusalem alongside global development and sales hubs across Europe, Asia and the US.

We are seeking a skilled Mid-Level Application Security Engineer to join our growing security team. In this role, you will be responsible for embedding security throughout the software development lifecycle — from design reviews to automated testing pipelines. This is a hands-on technical role that requires both a strong engineering mindset and practical AppSec expertise.

Key Responsibilities

• Own and operate SAST, DAST, and SCA tools (Checkmarx, Veracode, Semgrep, Snyk, or equivalents) across CI/CD pipelines.
• Conduct manual and automated application security testing on web, API, and desktop trading components.
• Triage, validate, and prioritize vulnerability findings; work with developers on remediation plans and track to closure.
• Build and maintain automation scripts and integrations to scale security testing across teams (Python, bash, or equivalent).
• Perform security design reviews for new features, architectures, and third-party integrations.
• Conduct secure code reviews across C++, Java, and Python codebases, providing actionable, developer-friendly feedback.
• Plan and execute web application penetration tests against internal and customer-facing applications, APIs, and trading interfaces.
• Simulate real-world attack scenarios including injection attacks, authentication bypass, business logic flaws, and session manipulation.

Requirements

• 3–6 years of hands-on application security or software security engineering experience.
• Proven experience running SAST and DAST tools in enterprise environments (Checkmarx / CxOne, Fortify, Veracode, or equivalent).
• Proficiency in C++, Java, and Python — ability to read, understand, and review code for security flaws.
• Hands-on experience performing web application penetration tests with documented findings and reports.
• Ability to write scripts and tooling to automate security tasks and integrate with APIs.
• Strong understanding of OWASP Top 10, CWE, CVE, and common exploit patterns in financial/trading software
• Familiarity with REST APIs, authentication mechanisms (OAuth2, JWT, SAML), and secure communication patterns.

Preferred Qualifications

• Experience in fintech, capital markets, or trading platform environments (strong advantage).
• Familiarity with cloud security (AWS, Azure, GCP) and containerized environments (Docker, Kubernetes).
• Knowledge of ISO 27001 or SOC 2 compliance requirements as they relate to application security.
• Certifications: CSSLP, GWEB, CEH, OSCP, or similar.
• Experience with threat modeling methodologies such as STRIDE or PASTA