Information Security Engineer

Our client is a global company in the fintech sector andwork in the area of derivatives and OTC products, which are the most complex parts of the financial market. They are the  market leader in derivatives post-trade processing, bringing innovation, expertise, processes and networks together to solve the post-trade challenges of global financial markets.  They operates cross-asset post-trade processing networks, providing a proven suite of Credit Risk, Trade Workflow and Optimisation services. Together these solutions streamline post-trade workflows, enabling firms to connect to counterparties and utilities, manage credit risk, reduce operational risk and optimise processing to drive post-trade efficiencies.

The Job

We are seeking an experienced Information Security Engineer with a strong background in secure software development practices, application security testing, vulnerability management and Information Security Compliances. The ideal candidate will be responsible for ensuring that security is integrated across the software development lifecycle (SDLC) and will actively collaborate with development, DevOps, and product teams to mitigate application-level risks.

1. Application Security

2. Perform comprehensive application security assessments, including Static Application Security Testing (SAST) Pen testing, Dynamic Application Security Testing (DAST), and API security testing across enterprise applications.

3. Review and analyse source code to identify and remediate security vulnerabilities.
4. Collaborate with development teams to integrate security best practices in the SDLC and provide secure coding guidance.
5. Lead and support remediation efforts by providing actionable recommendations and retesting fixes.
6. Conduct manual and automated web application and API penetration tests to uncover business logic and security flaws.
7. Develop and maintain security testing checklists, processes, and internal documentation.
8. Track and report vulnerabilities, ensuring timely closure in collaboration with development and product owners.
9. Participate in threat modelling sessions and help teams prioritize risks based on severity and business impact.

10. Stay current with emerging threats, vulnerabilities, attack vectors, and security technologies to proactively improve application security posture.

11. Information Security Compliance:

12. Ensure compliance with relevant security standards and regulations, including ISO 27001, NIST Standard, risk management

13. Develop and maintain security documentation and procedures.
14. Assist with external security audits and assessments.
15. Stay up to date on the latest security threats and vulnerabilities.

Other Duties:

• Provide security consulting and support to other teams.
• Evaluate and recommend new security technologies and solutions.
• Participate in security awareness training and initiatives.

Your Profile

• 4-5 years experience working in IT Security in multiple capacities.
• Hands-on experience with application security tools such as Burp Suite, IBM AppScan, Acunetix, HP WebInspect, NTOSpider, Postman, and others.
• Strong expertise in manual and automated web application security testing and a deep understanding of OWASP Top 10 and business logic vulnerabilities.
• Solid experience testing RESTful and SOAP APIs, analyzing request/response flows, and validating secure implementation.
• Strong knowledge of secure coding principles, common attack vectors (OWASP, SANS Top 25, WASC), and mitigation techniques.
• Familiarity with CI/CD pipelines and integrating security testing into DevOps workflows (preferred).
• Proficiency in both Black Box and White Box testing methodologies.

Certifications (Preferred):

• Certified Ethical Hacker (CEH), OSCP, eWPT, or equivalent security certifications are preferred.
• Certification like ISO 27001, CISA, CRISC, CISM, CISSP etc. would be an added advantage.