All roles

Open role

Application Security Engineer

Remote · Ethiopia Full-time

The Role You'll own application security across our mobile banking platform, payments stack, and a growing set of regulated products. The work is hands-on, you’ll conduct a threat modeling, security reviews, CI/CD tooling - with real process ownership. You'll report to the Group CISO and work closely with both our engineering teams and the Bank IS function. Justification As Salmon expands its product lineup like cards, payments, ATM network - the need for a dedicated Application Security function has become critical. Currently there is no specialist owning secure development practices, mobile security testing, or supply chain risk. This role fills gap: ensuring internal systems and customer data are protected, embedding security into the product delivery process, and building the AppSec practices needed to meet regulatory expectations and support secure growth.

Responsibilities

Risk-driven security ownership Identify which systems, data flows, and product changes carry the highest real-world risk and build your work around that, not around tool coverage or compliance checklists Decide when a security gate is worth slowing down a release and when it isn't, own that call, and be able to explain it to engineering and the CISO Maintain a risk register for application-layer exposures: what's open, what's accepted, what's being fixed, and why in that order Secure SDLC Figure out where in our delivery process security decisions are actually being made and put controls there Run threat modeling for high-stakes product changes before design is locked, not after Build a mobile security testing baseline that the team runs themselves CI/CD and supply chain Assess what the current pipeline actually catches versus what it produces as noise, and fix the ratio before adding more scanners Own supply chain posture: dependency pinning, SBOM, internal registry, and the response process when a package gets compromised Own secrets detection and remediation end-to-end Regulatory and cross-team work Translate application security gaps into language that satisfies BSP examiners without over-engineering the evidence Coordinate security input into new product launches across our Group and Bank structure

Requirements

Experience 7+ years in application security, with meaningful ownership over both technical work and process Has built or substantially improved a secure SDLC in a fast-moving product org Has run threat modeling on real product features and influenced design decisions as a result Has owned vulnerability management end-to-end: triage, remediation tracking, SLA management, risk acceptance Has done hands-on mobile security testing (iOS and/or Android) in a production context, not just UAT Understands modern supply chain attack vectors like compromised packages (npm, PyPI), malicious IDE plugins, typosquatting, dependency confusion - and knows how to reduce exposure at the tooling and process level Comfortable writing Python or Bash to automate repetitive security work Technical skills SAST, DAST, SCA in CI/CD pipelines: knows how to tune for signal, not just coverage API security: authentication flows, token handling, common abuse patterns Mobile security: OWASP ASVS/MASVS applied in practice Supply chain: SBOM generation and dependency risk management Secrets management: detection, remediation, and structural prevention Working knowledge of AWS and containers sufficient to understand where application risks extend into infrastructure Nice to have Experience in a regulated environment (financial services or similar) Familiarity with PCI-DSS, ISO 27001, or BSP MORB Certifications: OSCP, GWEB, GWAPT, CSSLP Communication Strong written English; most day-to-day alignment is async Can explain a security issue clearly to an engineer and summarize the same issue for a non-technical stakeholder

More open positions

QuickBooks Online Specialist

Work from home Full-time role

Human Resources Generalist

Work from home Full-time role

AI Quality Automation Engineer (Remoto - Latam)

Work from home Full-time role

End-of-Project Review of Policy Impact, Monitoring, Evaluation and Learning, and Practical Impact Tools for the Asia-Pacific Observatory

Work from home Full-time role

Senior Manager, AI Enterprise Engineering

Work from home Full-time role

Workers Comp Senior Claims Representative

Work from home Full-time role

[Remote] Sr Data Center Project Manager - ZL

Work from home Full-time role

Experienced Full Stack Data Entry Specialist – Remote Opportunity at careerzynith

Work from home Full-time role

App Tester

Work from home Full-time role

Staff Software Engineer

Work from home Full-time role

Principal Engineering Manager

Work from home Full-time role

Utilization Review Nurse Coordinator (RN)-Atrium Health- Remote-FT Days

Work from home Full-time role

(Virtual Assistant Remote Jobs) Netflix Remote (No Degree Jobs) $30/H - Hiring Now

Work from home Full-time role

Senior Media Strategist

Work from home Full-time role

HR Business Partner - AI Trainer - Freelance - 8-20 hrs/week - Remote

Work from home Full-time role

[Remote] Senior Mainframe Software Engineer – Collections System Migration

Work from home Full-time role

Remote Part-Time Customer Service Representative – Virtual Call Center Role with careerzynith

Work from home Full-time role

Freight Dispatchers Wanted (Experienced & Entry-Level) Work From Home & Earn $8,000 to $15,000+ Per Month

Work from home Full-time role

Site Reliability Engineer

Work from home Full-time role

Licensed Property & Casualty Insurance Agent - Remote USA

Work from home Full-time role

Commissions Associate

Work from home Full-time role