About the Company Paybis is an international FinTech company operating in the crypto and payments space. We build secure and user-friendly products for both individual and corporate clients worldwide. We are currently forming our Security Operations team and are looking for a skilled Application Security Engineer to take full ownership of the On-Ramp product security and help develop a strong security culture across Paybis. Role Purpose Ensure the security of the On-Ramp product against fraud, abuse, and partner misuse by establishing end-to-end ownership of product security operations.
Immediate priority: take full ownership of On-Ramp security, close visibility gaps, improve threat detection, and eliminate unauthorized partner activity.
Long-term priority: expand into broader application security, co-develop Paybis’ Security Operations function with the incoming Head of Security. Key Responsibilities Immediate focus (First 3–6 months): On-Ramp Product Security * Full ownership of On-Ramp product security. * Detect, investigate, and respond to fraud attempts and partner misuse. * Analyze logs, behaviors, and signals to identify malicious patterns. * Conduct threat modeling and propose necessary security improvements. * Collaborate with the Ramp Stream to implement fixes and secure-by-design features. * Build visibility, consistency, and accountability in On-Ramp security processes. * Produce structured reports on incidents, vulnerabilities, and mitigations for CTO/CIO.
Application Security & Security Operations (Long-term) * Perform threat modeling across all product lines. * Conduct code reviews for security weaknesses (OWASP, business logic flaws). * Support incident response (attack reproduction, RCA, mitigation recommendations). * Introduce secure coding standards and best practices for application security. * Develop security automation for CI/CD pipelines (SAST, SCA, IaC scanning). * Partner with Head of Security to evolve Paybis’ Security Operations function. * Build a sustainable framework for monitoring, tooling, and active abuse detection.
Required Technical Expertise (Must-Have) * Strong application security background or secure backend development experience. * Proficiency in one or more backend languages: Python, Go, Node.js, Java, PHP. * Deep understanding of OWASP Top 10, CWE categories, and business logic vulnerabilities. * Threat modeling experience (STRIDE, attack trees, misuse cases) and architectural analysis. * Hands-on security testing (Burp Suite, ZAP, SAST/DAST/IAST). * Cloud & infrastructure security basics (AWS, Docker, Kubernetes, IaC). * Incident response experience: log analysis, attack reproduction, RCA.
Nice-to-Have Technical Skills: * Security automation and DevSecOps experience. * API and microservices security best practices. * Experience in fintech or crypto products. * Understanding DORA/MiCA security requirements. * Experience with abuse detection, bot protection, and rate limiting.
Soft Skills * Ownership mindset — responsible end-to-end. * Calm under pressure during critical incidents or fraud escalations. * Structured, analytical thinking. * Strong communication with engineering teams. * Ability to influence without direct authority. * Effective cross-team collaboration (Ramp, DevOps, Fraud, Compliance).
What We Offer * Dynamic Environment: Be part of a fast-growing fintech and crypto company with exciting challenges and opportunities. * Collaborative Team: Work with a skilled, supportive, and highly motivated team. * Flexible Working: Remote-first role, with occasional on-site workshops. * Professional Growth: Opportunities for continuous learning and career development. * Competitive Compensation: Salary plus performance-based bonus and benefits.
If you are a hands-on Security Engineer with strong application security expertise and a passion for building secure products, apply now to join Paybis and take ownership of On-Ramp security!
