Senior Application Security Engineer

RiseUp is a profit with purpose company. Our mission is to give Israelis the power to RiseUp financially. We believe the best way to change the financial reality in Israel and beyond, is by building a world class company with an amazing product, cutting edge technology and a strong brand. With dozens of thousands of customers in Israel, we are now making our mission global with an upcoming launch in Europe. Backed by leading global investors, RiseUp is a unique opportunity to make a significant social impact at scale at a for profit company.

RiseUp translates the chaos of the personal financial world into one simple number and empowers people to make sound financial decisions with the support of objective human advisors and a 60,000 members strong community.

RiseUp is looking for a Senior Application Security Engineer – an experienced & qualified individual to join our security team and take point on product, cloud, infrastructure and R&D security & privacy. The senior engineer will partner with the CISO in leadership of our security mission at RiseUp!

The Senior Security Engineer will be responsible for:

  • Assessing & implementing security in code, applications, infrastructure, CI/CD and enterprise technologies initiatives;
  • Threat model, design and drive engineering solution to preserve & improve security, privacy and user trust in technology;
  • Lead projects aimed at security of or privacy in open source, web applications, and cloud infrastructure risks, inclusive of implementing security technologies, tools & controls;
  • Helping steer and maintain security at RiseUp across all domains, inclusive of via training, vendor & tools security assurance, audits(like ISO 27001) & vulnerability management and more.

We are looking for someone who has:

  • Experience of five years, or more in software or engineering security roles
    • Or 10+ years of experience in technical roles with security responsibilities
    • Working with developers
  • Experience working in R&D or with R&D and infrastructure teams
    • Inclusive of training, code & infrastructure review, solution design and security assessment
  • the following technologies;
    • AWS, docker, github, nodejs, git, application secrets management, software vulnerability scanning, linux-based web servers, cicd, npm
  • the following security tools;
    • software vulnerability scanning, endpoint security/mdr, web application firewall, open source / software inventory security management, burp proxy, fuzzers, etc
  • Can code or script in bash and/or nodejs (javascript)
  • Demonstrates technical security excellence via open source contributions, collaborative research with non-for-profit groups, technical certifications, stack exchange and/or senior security certifications such as CISSP, Offensive Security, AWS or GIAC

Soft skills and Fit – 

  • An outgoing people-influencer, communicator and ally-maker
  • A driven & proactive problem solver who’s happy to take on any task or technology and is always eager to learn more

You will be an integral part of an established and growing team, leading in your respective domains but also contributing to other core security operations.

We have a stellar team and a wonderful mission – join us!

Join us