Application Security Engineer

Join our dynamic team at
IC Markets
as an
Application Security Engineer
and help shape the future of FinTech innovation. This full-time, on-site opportunity based in
Limassol
offers you the chance to make a real impact in a fast-paced and forward-thinking environment. Apply now and take the next step in your career with us

Who We Are:

IC Markets, a global leader in trading with over
15 years of success
, a strong international presence, and a team of skilled professionals, remains at the forefront of financial technology innovation. As an agile company that values growth and collaboration, we offer an exciting opportunity to be part of a dynamic industry where innovation meets excellence.

What You'll Do:

As an
Application Security Engineer
, you will be responsible for
embedding security into the software development lifecycle
and protecting customer-facing and internal applications from vulnerabilities and abuse.

The role combines
secure SDLC ownership, security tooling, threat modelling, security testing
, and close cooperation with development, product, and cloud/infrastructure teams. The focus is on building repeatable practices that allow development teams to deliver features quickly while maintaining a strong security posture.

Key Responsibilities

Secure SDLC Ownership

• Define and maintain the organisation's secure software development lifecycle.
• Introduce security requirements at the earliest design and discovery stages.
• Establish security checkpoints in each phase of the lifecycle, from design and implementation to testing and deployment.
• Ensure product and engineering teams include clear security acceptance criteria in user stories and technical tasks.
• Work with engineering leaders to ensure security gates are predictable, measurable, and aligned with delivery timelines.

Code, Dependencies & Supply Chain Security

• Take operational ownership of automated application security tooling, including static code analysis, software composition analysis, and dynamic testing.
• Integrate security tools into continuous integration and delivery pipelines with risk-based thresholds and build policies.
• Tune rules, policies, and workflows to reduce false positives while keeping strong coverage on high-impact issues.
• Define and promote approaches for dependency and package management that encourage the use of centrally approved components.
• Coordinate upgrades or mitigation work when serious vulnerabilities are disclosed in frameworks, libraries, or third-party components.

Threat Modeling & Design Reviews

• Lead structured threat modeling sessions for new applications, services, and significant changes to existing products.
• Analyze application architectures, data flows, and trust boundaries and document the main threats, required countermeasures, and resulting engineering work.
• Perform security-focused design reviews for planned changes that impact sensitive data, business-critical flows, or integration with external parties.
• Provide reusable design guidance for core security functions, including authentication, authorization, session management, input and output handling, and tenant isolation.

API & Web / Mobile Security

• Define and maintain application and API security standards, including identity and access patterns, token usage, session management, rate control, and schema validation.
• Review API and web application designs for alignment with these standards and with recognized application security practices.
• Work with cloud and infrastructure security teams on the configuration of runtime protections around applications, including web application protection, API gateways, and automated abuse and bot detection.
• Provide guidance for future mobile or desktop clients on secure storage, channel protection, and resilience against reverse engineering and tampering.

Security Testing & Offensive Work

• Plan and coordinate internal and external application security testing activities, including penetration tests and focused assessments.
• Define the scope, objectives, environments, and test data needs for these activities, and ensure that results are documented and understood by owners.
• Track remediation activities end-to-end, ensuring that fixes are implemented, verified, and integrated back into secure design patterns and tooling.
• Perform targeted application security testing directly for higher-risk areas and new critical functionality.

Developer Enablement & Culture

• Create and maintain secure coding guidelines aligned with the organization's main technologies and platforms, using industry recognized references.
• Deliver training and workshops for development and quality teams on practical application security topics, common vulnerability classes, and recurring issues observed in the codebase.
• Support a community of security-minded engineers through a structured program in which representatives from delivery teams collaborate regularly with the security function on upcoming changes, issues, and improvements.
• Contribute to documentation, knowledge bases, and self-service guidance that help teams make secure decisions without heavy process overhead.

Collaboration & Metrics

• Work closely with cloud, infrastructure, and observability teams on logging requirements for applications, including what to log, where to send it, and how to protect log data.
• Define security-relevant runtime signals for applications and collaborate on rules and controls in surrounding protection layers.
• Establish and maintain application security metrics and dashboard views, covering secure SDLC adoption, issue trends, tool coverage, remediation throughput, and other indicators useful to engineering and management stakeholders.
• Provide concise written and verbal reports on application security posture, significant risks, and progress of improvement initiatives.

Qualifications / Experience

• Professional experience in application security, product security, or a closely related discipline, with significant interaction with software engineering teams.
• Practical background in at least one modern application stack and familiarity with common web and API architectures.
• Hands-on experience with secure SDLC practices, automated security testing, dependency management, and remediation workflows.
• Experience with threat modeling, security design reviews, and application security testing.

Skills & Competencies

• Strong understanding of common web, API, and mobile security risks and relevant industry references and standards (e.g., OWASP Top 10).
• Ability to read and reason about code in at least one of the main languages used internally and to give actionable guidance to development teams.
• Familiarity with security testing tools and platforms (e.g., SAST, DAST, SCA) and with integrating them into engineering workflows.
• Strong communication skills, with the ability to translate complex security topics into clear, practical guidance for engineers and product stakeholders.

Education & Certifications

• Degree in Computer Science, Information Security, Engineering or a related discipline, or equivalent practical experience.
• Relevant security or application-focused certifications (e.g., CISSP, OSCP, CSSLP) are considered an advantage.

Personal Attributes

• Strong sense of ownership for application security outcomes and a collaborative approach to working with product and engineering teams.
• Structured, analytical mindset with attention to detail and a focus on sustainable, scalable solutions.
• Interest in staying current with emerging application security threats, techniques, and defensive practices.

Working Schedule:

Hybrid Model (3 days from the Office, 2 days from home)

Monday to Friday: 09:00 – 17:00

Why Join Us? Experience Rewards Beyond Just a Job Because You Matter.

• Competitive Pay
  – We value
  you
  , not just your role. Our compensation reflects the skills and experience you bring to the table.
• Career Growth
  – Your journey is important. We're here to support your development with ongoing learning and clear paths to advancement.
• Work-Life Balance
  – Time to rest is time to thrive. With 22 days of annual leave, your personal life is respected and prioritized.
• Wellness & Healthcare
  – Health comes first. Enjoy 12 paid sick days and full medical insurance coverage after 6 months—because your well-being is our priority.
• Future Security
  – We're invested in your tomorrow. Access our provident fund after 6 months for peace of mind down the road.
• Snack Hub
  – We care about your daily comfort. Our fully stocked kitchen keeps you energized with fresh fruit, snacks, and beverages.
• Lunch on Us
  – Nourishment and connection matter. Enjoy a delicious daily lunch buffet with teammates.
• Paid Overtime
  – Your extra effort doesn't go unnoticed. We recognize and reward the time you put in.
• Learning & Development
  – We believe in your potential. Dedicated budgets support your upskilling and curiosity.
• Referral Bonus
  – People matter here. Bring in great talent and get rewarded for growing our community.
• Team Spirit
  – Culture is everything. Join a team that celebrates together through events and team-building activities.
• Fitness & Recreation
  – Stay active and refreshed with access to gym facilities, organized sports, and relaxing spa treatments.
• Unwind Fridays
  – We're human too. Enjoy a relaxed Friday drink with colleagues to close the week on a high note.

Our culture is built on empathy, respect, and trust, because at the heart of everything we do is
you
.

Your next big opportunity starts here

• Apply now at and let's build something incredible together
• Thank you for your interest in joining IC Markets. Due to the high volume of applications, only candidates under consideration will be contacted. All applications are handled with the strictest confidentiality.