Application Security Lead

 Posted 4 hours ago
     
5-10 years experience
Apply Now

Please mention DailyRemote when applying

AI Summary

Lead the application security program across mobile, web, and backend services to identify risks early in the software development lifecycle. Define security standards, conduct technical reviews, and partner with engineering teams to remediate vulnerabilities without hindering delivery.

Your application and all hiring communication for this role run through the Techy Recruiter team.

About Ajaib

Ajaib is an Indonesian investment platform helping people access and manage investments across stocks, crypto, and U.S. stocks. As the platform continues to grow, protecting our customers, products, and technology is fundamental to maintaining trust.

We’re looking for an Application Security Lead to strengthen security across our mobile applications, APIs, backend services, and software-development lifecycle.

The role

You’ll lead application security across Ajaib’s product and engineering organisation.

This is a hands-on role where you’ll work closely with engineers, product teams, infrastructure, and the wider security function to identify risks early and make secure development part of how we build and release software.

You’ll define application-security standards, improve security testing and automation, lead technical reviews, and help engineering teams resolve vulnerabilities without slowing down delivery.

What you’ll do

  • Define and lead Ajaib’s application-security programme across mobile, web, APIs, and backend services

  • Build application-security standards, processes, and controls across the software-development lifecycle

  • Partner with engineering and product teams to embed security into product design and development

  • Lead threat-modelling sessions for new products, features, architectures, and integrations

  • Conduct security architecture reviews, code reviews, and application-security assessments

  • Own and improve SAST, DAST, software-composition analysis, secrets detection, and dependency-scanning capabilities

  • Integrate application-security testing into CI/CD pipelines

  • Identify, prioritise, and track vulnerabilities through remediation and verification

  • Work with engineering teams to provide practical remediation guidance and secure coding recommendations

  • Coordinate penetration testing, security assessments, and responsible-disclosure activities

  • Strengthen security across mobile applications, APIs, authentication flows, customer accounts, and sensitive transactions

  • Help investigate application-related security incidents and support root-cause analysis

  • Define application-security metrics, reporting, and risk indicators

  • Deliver secure-development training and build security champions within engineering teams

  • Mentor application-security engineers and help grow the team’s technical capabilities

  • Stay current with emerging vulnerabilities, attack techniques, and security risks affecting financial and investment platforms

What you bring

  • Strong experience in application security, product security, security engineering, or penetration testing

  • Experience leading application-security initiatives or mentoring security engineers

  • Strong knowledge of mobile, web, API, and backend application security

  • Experience securing applications built on modern cloud and distributed architectures

  • Deep understanding of common application-security risks, including the OWASP Top 10 and OWASP API Security Top 10

  • Hands-on experience with threat modelling, secure code review, vulnerability assessment, and penetration testing

  • Experience using and implementing SAST, DAST, software-composition analysis, and secrets-detection tools

  • Familiarity with mobile application security across Android and iOS

  • Ability to understand code in one or more modern programming languages

  • Experience integrating security checks into CI/CD and developer workflows

  • Strong understanding of authentication, authorisation, session management, encryption, and secure API design

  • Ability to communicate security risks clearly and provide practical, developer-friendly solutions

  • Strong written and spoken English

Nice to have

  • Previous experience within fintech, banking, brokerage, payments, investment, or cryptocurrency platforms

  • Experience with Android or iOS application security testing

  • Familiarity with the OWASP Mobile Application Security Verification Standard and OWASP Application Security Verification Standard

  • Experience running bug-bounty or responsible-disclosure programmes

  • Knowledge of container, Kubernetes, and cloud-native application security

  • Experience with fraud prevention, account-takeover protection, and transaction security

  • Security certifications such as OSCP, OSWE, CSSLP, CISSP, or equivalent

  • Experience building an application-security programme in a fast-growing organisation

Why join

  • High-impact ownership: shape application security across a growing financial platform

  • Hands-on influence: work directly with engineers and improve how products are designed, built, tested, and released

  • Meaningful challenges: secure mobile applications, APIs, customer accounts, investment data, and financial transactions

  • Security at scale: help build processes and automation that grow with the business

  • Leadership opportunity: mentor engineers, build a security-champion culture, and help define Ajaib’s application-security standards

Notes to Applicants

A few things worth knowing before you apply:

Interviews may include technical, leadership, and application-security scenario discussions. You may be asked to review an architecture, assess a vulnerability, explain a threat model, or discuss how you have helped engineering teams resolve security risks.

Please do not include confidential information, customer data, source code, security findings, or proprietary details from current or previous employers during the interview process.

If you need accommodations at any stage of the recruitment process, please let us know in your application.

About Techy Recruiter
Techy Recruiter is a boutique hiring partner for startups and scaleups across Europe and the Gulf. We run searches end to end and care about a clear, fair process for every person who applies.

Equal opportunity
We assess people on merit. All applicants are welcome regardless of background, and we do not discriminate on any basis protected by law.

Your data
We treat your information as confidential and use it only for this hiring process.

Similar Jobs

See all Remote Others jobs →

Personalize your Remote Job Search in 3 Easy Steps!

Discover remote opportunities in Others

Answer easy questions

Answer easy questions

200,000+ jobs across 15+ categories

Get your best job matches

Get your best job matches

Only hand-screened, legit jobs

Find a remote job faster

Find a remote job faster

No ads, scams, or junk

I was the first applicant for a remote marketing position that got listed on the company website the same day I applied. Had an interview within 48 hours!

Sarah J. — Sarah J. · Marketing Manager ★★★★★ Verified