.Here at Pleo, we're onboarding new customers with Sonic.Gif speed, which is amazing don't get me wrong, but the larger we become, the bigger the temptation from cyber criminals. As you may already know, we are in the FinTech business, and we handle money for our customers. So this is not just about protecting a company from a password leak that allows malicious actors to post not-funny cat videos to your SoMe account - this is about directly protecting our customers' money. Well, this is where you (hopefully) come in! This role focuses solely on the application security side. We are talking about both security of our application and ensuring our internal dev practices improve our product security maturity. What we're looking for is someone to be part of making all of this happen. Our ideal candidate is someone with coding knowledge, some familiarity with security tooling think Burp Suite and a strong passion or desire to learn more about the industry. To give you a better idea, here are some tasks you might do as an Associate Application Security Engineer at Pleo: Assist in dispatching managed Bug Bounty program findings to appropriate teams and follow up as directed. Assist Senior team members on feedback to engineering teams during threat modelling sessions. Work on scoped security tasks under supervision, including basic authentication, encryption, and partner integration tasks. Assist in reviewing and understanding common security issues in code reported in our bug bounty program, and relay common best practices and guidance to developers. Provide basic technical support to the GRC and DevOps team in developing and maintaining security automation in the CI/CD pipeline under the guidance of senior team members. Just to make it absolutely clear, we're not building a generalist security profile to take over all security-related tasks. We're building a team of specialists to support other teams through paved paths, investigations, and coaching. There will be a lot of flexibility in this role depending on your interests and skills, but as an Associate you will most likely: Participate in threat modelling sessions suggesting mitigations to potential threats. Assist technical security assessments on our web applications and mobile application. Participate in projects while supporting a long-term security vision. Continuously reflect on how we've aimed to balance automation in controls and processes against our defined data classifications while providing access and meeting the needs of the company. We'd expect that you have some experience in certain areas. Ideally code review and dynamic testing and not in the whole security-verse. The most important is that you have a passion for the field, you are willing to expand your knowledge, and that you enjoy the responsibilities that come along with such a role. Your profile You recognize that communication is a core part of your job within application security