Information Security Engineer (AppSec)

About RevolutPeople deserve more from their money. More visibility, more control, and more freedom. Since 2015, Revolut has been on a mission to deliver just that. Our powerhouse of products — including spending, saving, investing, exchanging, travelling, and more — help our 70+ million customers get more from their money every day.As we continue our lightning-fast growth,‌ 2 things are essential to our success: our people and our culture. In recognition of our outstanding employee experience, we've been certified as a Great Place to Work™. So far, we have 13,000+ people working around the world, from our offices and remotely, to help us achieve our mission. And we're looking for more brilliant people. People who love building great products, redefining success, and turning the complexity of a chaotic world into the simplicity of a beautiful solution.About the roleOur Technology team builds the systems and experiences that keep Revolut moving. From the infrastructure behind our innovative app to the features used by millions of people around the world, they bring sharp thinking, speed, and a focus on meaningful impact to everything they do.We’re looking for an Application Security Engineer to keep our software safe from threats and vulnerabilities. You'll be designing and building apps with security in mind while testing, monitoring, and protecting our systems along the way.Up to shape what's next in finance? Let's get in touch.What you'll be doingPerforming security assessments on product designs, mobile apps (iOS/Android), web applications, and APIsParticipating in Red Team missions and threat-led testing scenarios to simulate real-world attacker behaviours and validate detection and response capabilitiesLeading and conducting penetration testing across applications, infrastructure, and APIs, using a mix of manual techniques and automated toolsManaging and evolving our private bug bounty programme, validating submissions, collaborating with researchers, and ensuring timely resolution of valid findingsContributing to and influencing cloud security posture, identifying misconfigurations and working with DevOps to implement best practices across GCP and AWSPartnering closely with engineering teams to embed security into the software development lifecycle, offering guidance on secure architecture and threat modellingDeveloping and enforcing internal AppSec standards, policies, and practices aligned with OWASP, NIST, and industry benchmarksContinuously researching and evaluating emerging threats, tools, and technologies to stay ahead of the evolving threat landscapeContributing to internal security training sessions, knowledge sharing, and mentoring of junior team membersWhat you'll need3+ years of hands-on experience in application security, penetration testing, or a related security engineering roleA solid understanding of common web, mobile, and API vulnerabilities (e.g., OWASP Top 10, CWE) and practical approaches to identify and remediate themExperience conducting code reviews, design reviews, and threat modelling for modern application architecturesFamiliarity with DevSecOps practices and integrating security tooling into CI/CD pipelinesWorking knowledge of authentication, authorisation, session management, and cryptographic best practicesProficiency with security tools, such as Burp Suite, MobSF, Frida, or custom scripts, for dynamic and static analysisA basic understanding of cloud security principles and experience working with GCP or AWS environmentsGreat communication skills with the ability to collaborate effectively with Engineering, Product, and DevOps teamsA proactive mindset with a passion for solving complex problems and driving secure engineering practicesThe ability to work independently while also being a trusted team player in a fast-paced environmentNice to haveExperience participating in Red Team exercises, managing bug bounty programmes, or contributing to open-source security tools or researchCompensation rangeKrakow: PLN20,200 - PLN29,100 gross monthly*Poland: PLN20,200 - PLN29,100 gross monthly*Other locations: Compensation will be discussed during the interview process*Final compensation will be determined based on the candidate's qualifications, skills, and previous experienceBuilding a global financial super app isn’t enough. Our Revoluters are a priority, and that’s why in 2021 we launched our inaugural D&I Framework, designed to help us thrive and grow everyday. We're not just doing this because it's the right thing to do. We’re doing it because we know that seeking out diverse talent and creating an inclusive workplace is the way to create exceptional, innovative products and services for our customers. That’s why we encourage applications from people with diverse backgrounds and experiences to join this multicultural, hard-working team.