Please mention DailyRemote when applying
Your application and all hiring communication for this role run through the Techy Recruiter team.
Ajaib is an Indonesian investment platform helping people access and manage investments across stocks, crypto, and U.S. stocks. As the platform continues to grow, protecting our customers, products, and technology is fundamental to maintaining trust.
We’re looking for an Application Security Lead to strengthen security across our mobile applications, APIs, backend services, and software-development lifecycle.
You’ll lead application security across Ajaib’s product and engineering organisation.
This is a hands-on role where you’ll work closely with engineers, product teams, infrastructure, and the wider security function to identify risks early and make secure development part of how we build and release software.
You’ll define application-security standards, improve security testing and automation, lead technical reviews, and help engineering teams resolve vulnerabilities without slowing down delivery.
Define and lead Ajaib’s application-security programme across mobile, web, APIs, and backend services
Build application-security standards, processes, and controls across the software-development lifecycle
Partner with engineering and product teams to embed security into product design and development
Lead threat-modelling sessions for new products, features, architectures, and integrations
Conduct security architecture reviews, code reviews, and application-security assessments
Own and improve SAST, DAST, software-composition analysis, secrets detection, and dependency-scanning capabilities
Integrate application-security testing into CI/CD pipelines
Identify, prioritise, and track vulnerabilities through remediation and verification
Work with engineering teams to provide practical remediation guidance and secure coding recommendations
Coordinate penetration testing, security assessments, and responsible-disclosure activities
Strengthen security across mobile applications, APIs, authentication flows, customer accounts, and sensitive transactions
Help investigate application-related security incidents and support root-cause analysis
Define application-security metrics, reporting, and risk indicators
Deliver secure-development training and build security champions within engineering teams
Mentor application-security engineers and help grow the team’s technical capabilities
Stay current with emerging vulnerabilities, attack techniques, and security risks affecting financial and investment platforms
Strong experience in application security, product security, security engineering, or penetration testing
Experience leading application-security initiatives or mentoring security engineers
Strong knowledge of mobile, web, API, and backend application security
Experience securing applications built on modern cloud and distributed architectures
Deep understanding of common application-security risks, including the OWASP Top 10 and OWASP API Security Top 10
Hands-on experience with threat modelling, secure code review, vulnerability assessment, and penetration testing
Experience using and implementing SAST, DAST, software-composition analysis, and secrets-detection tools
Familiarity with mobile application security across Android and iOS
Ability to understand code in one or more modern programming languages
Experience integrating security checks into CI/CD and developer workflows
Strong understanding of authentication, authorisation, session management, encryption, and secure API design
Ability to communicate security risks clearly and provide practical, developer-friendly solutions
Strong written and spoken English
Previous experience within fintech, banking, brokerage, payments, investment, or cryptocurrency platforms
Experience with Android or iOS application security testing
Familiarity with the OWASP Mobile Application Security Verification Standard and OWASP Application Security Verification Standard
Experience running bug-bounty or responsible-disclosure programmes
Knowledge of container, Kubernetes, and cloud-native application security
Experience with fraud prevention, account-takeover protection, and transaction security
Security certifications such as OSCP, OSWE, CSSLP, CISSP, or equivalent
Experience building an application-security programme in a fast-growing organisation
High-impact ownership: shape application security across a growing financial platform
Hands-on influence: work directly with engineers and improve how products are designed, built, tested, and released
Meaningful challenges: secure mobile applications, APIs, customer accounts, investment data, and financial transactions
Security at scale: help build processes and automation that grow with the business
Leadership opportunity: mentor engineers, build a security-champion culture, and help define Ajaib’s application-security standards
A few things worth knowing before you apply:
Interviews may include technical, leadership, and application-security scenario discussions. You may be asked to review an architecture, assess a vulnerability, explain a threat model, or discuss how you have helped engineering teams resolve security risks.
Please do not include confidential information, customer data, source code, security findings, or proprietary details from current or previous employers during the interview process.
If you need accommodations at any stage of the recruitment process, please let us know in your application.
About Techy Recruiter
Techy Recruiter is a boutique hiring partner for startups and scaleups across Europe and the Gulf. We run searches end to end and care about a clear, fair process for every person who applies.
Equal opportunity
We assess people on merit. All applicants are welcome regardless of background, and we do not discriminate on any basis protected by law.
Your data
We treat your information as confidential and use it only for this hiring process.
Stop the endless job search. Our AI finds and applies to the best jobs for you.
Discover remote opportunities in Others
Answer easy questions
200,000+ jobs across 15+ categories
Get your best job matches
Only hand-screened, legit jobs
Find a remote job faster
No ads, scams, or junk
“ I was the first applicant for a remote marketing position that got listed on the company website the same day I applied. Had an interview within 48 hours!