Job Title

Senior Software Security EngineerAbout the RoleWe are seeking a Software Security Engineer to play a strategic and cross-functional leadership role in strengthening our Secure Software Development Lifecycle (SSDLC) across our entire product ecosystem — from classic 3-tier architectures to modern microservices-based payment platforms deployed on Amazon Web Services. You will act as a trusted advisor and technical authority, embedding security by design, driving DevSecOps maturity, and ensuring our software development practices consistently meet the highest standards of security, compliance, and operational excellence. Your MissionAs a Software Security Engineer, you will:Define and continuously evolve the company-wide SSDLC security framework, policies, and governance.Influence architecture and design decisions across product teams to ensure security is a core design principle.Lead initiatives for security tooling, automation, and vulnerability management.Enable and mentor engineering teams to adopt secure coding, perform code reviews, apply threat modeling, and embrace risk-driven design.Ensure alignment with the NIST Secure Software Development Framework (SSDF) and with PCI Secure Software Standard / PCI Secure SLC certification requirements. Key Responsibilities Secure SDLC Governance & StrategyEstablish and enforce a global SSDLC framework and secure development policies.Conduct risk assessments, threat modeling, and architecture security reviews.Drive secure design and implementation practices with developers. Ensure secure configuration baselines and hardening standards are defined and applied.Ensure vulnerabilities are detected and mitigated via manual reviews and automated tools (SAST, DAST, SCA, etc.)Guide the remediation of security incidents and root cause analysisProvide support for application-level security issues and audit follow-upsRun and/or supervise PentestsDevSecOps & Security AutomationDefine the roadmap and architecture for AppSec tooling (Checkmarx, SAST, DAST, SCA, container scanning, secrets detection…).Oversee the integration of security controls and gates into CI/CD pipelines.Standardize security guardrails for APIs, Kubernetes, containers, Microservices and cloud-native environments (AWS..)Establish metrics and dashboards to measure DevSecOps maturity.Vulnerability & Compliance ManagementOversee vulnerability lifecycle management and coordinate enterprise-wide remediation plans.Lead and support external audits and certification cycles (PCI Secure Software Standard, PCI Secure SLC).Provide security KPIs and risk reports to senior stakeholders and governance committees.Training, Advocacy & CulturePromote secure coding best practices and continuous learningDesign and deliver training programs on secure architecture, code review, threat Modeling and DevSecOps.Mentor security champions and influence technical leaders across the organization. Required ProfileEducationMaster’s degree in Computer Science, Software Engineering, or Cybersecurity.Experience5 to 7 years of experience in Application Security, DevSecOps, or SDLC Security.Proven track record leading application security initiatives in complex or regulated environments.Experience securing hybrid architectures (legacy + microservices on Amazon Web Services).Strong stakeholder management and cross-team leadership skills.Technical SkillsIn-depth knowledge of secure coding and architecture practices based on the NIST Secure Software Development Framework (SSDF), OWASP Top 10, OWASP ASVS, STRIDE…Hands-on expertise with AppSec tools (SAST, SCA, DAST, container scanning) and their integration in CI/CD.Proficiency in securing infrastructure and workloads on Amazon Web Services (IAM, KMS, VPCs, security groups, observability stacks, etc.).Familiarity with Kubernetes security concepts (RBAC, network policies, secrets management).Development experience in Java, Spring and Angular is a plus.REQUIRED SKILLSSkill Levels1 – Beginner | 2 – Intermediate | 3 – Proficient | 4 – ExpertTECHNICAL SKILLSJava, SpringDevSecOpsSoftware Development Framework (SSDF) Any one (OWASP Top 10/ OWASP ASVS/ STRIDE)NIST SecureAppSec tools, any one (SAST/ SCA/ DAST/ container scanning) CI/CDAmazon Web Services Kubernetes securityKnowledge Area Cards & Payments (Good to have, not mandatory)ISTQB certification (Mandatory)PROFILE REQUIREMENTSEducation: Master’s degree (Engineering, Computer Science, Information Systems, or equivalent)