Senior Application Security Engineer
M&T BankSalary not specified
Full Time
Senior (5 to 8 years), Expert & Leadership (9+ years)
Not SpecifiedCompensation
Senior (5 to 8 years)Experience Level
Full TimeJob Type
UnknownVisa
FinTech, FinanceIndustries
Requirements
- At least 8 years of work experience in software or data engineering, ideally in financial services and/or fintech industry
- At least 8 years of hands-on experience in information security, cybersecurity, or cloud security roles
- Advanced scripting or programming ability in Python, TypeScript, and Bash
- Strong understanding of network security, encryption, authentication, and access control
- Extensive experience with cloud platforms such as AWS/Azure, and preferably GCP, along with cloud-native technologies
- Experience implementing zero-trust architecture, secrets management (e.g., HashiCorp Vault), and DevSecOps practices
- Familiarity with container and orchestration security (Docker, Kubernetes, Istio)
- Experience conducting or leading threat modeling, penetration testing, or incident response
- Experience with application security practices, such as code scanning (e.g., Snyk, Checkmarx) and OWASP Top 10
- Familiarity with SIEM tools, intrusion detection systems, and endpoint protection
- Ability to implement and maintain identity and access management policies (SSO, MFA, RBAC)
- Understanding of financial regulatory standards such as SOC 2, ISO 27001, PCI-DSS, or GDPR
- Basic knowledge of risk assessment and compliance requirements in a fintech environment
- Strong communication skills with ability to collaborate across engineering, product, and compliance teams
- Ability to explain complex security concepts in simple terms to non-technical stakeholders
- Based in Singapore, or have plans to relocate
Responsibilities
- Monitor and triage security issues discovered by security posture monitoring tools
- Identify and fix vulnerabilities in web/mobile apps
- Perform code reviews and plan penetration testing
- Implement secure development practices (DevSecOps)
- Collaborate with developers to secure new and existing features
- Secure cloud deployments
- Set up firewalls, proxies, IAM policies, VPCs, and network monitoring dashboards
- Configure and manage encryption keys and other secrets
- Ensure adherence to financial compliance standards (e.g., SOC 2, MAS, GDPR, ISO 27001)
- Conduct risk assessments and audits
- Support documentation and evidence gathering for audits
- Monitor systems for suspicious behavior or data breaches
- Set up and tune SIEM tools (like Splunk or Datadog)
- Lead or support incident response (IR) and post-mortem analysis
- Implement controls for data encryption, tokenization, and access control
- Ensure customer financial data (e.g., KYC, investment info) is protected
- Educate the team on phishing, secure coding, and access hygiene
- Define and setup endpoint security policies
- Help foster a “security-first” culture in a fast-moving startup
Skills
DevSecOps
Penetration Testing
Code Reviews
IAM
VPCs
Firewalls
Proxies
Encryption
Secrets Management
SOC 2
GDPR
ISO 27001
Cloud Security
Incident Response
Risk Assessments
Arta Finance
Provides personalized investment strategies and services
About Arta Finance
Arta Finance provides tailored investment solutions for a variety of clients, including individual investors and institutional entities. The company focuses on creating personalized investment strategies that align with the specific financial and tax needs of its clients. Revenue is generated primarily through management fees for overseeing investment portfolios and transaction fees for executing trades. Arta Finance promotes a client-centric approach, encouraging clients to evaluate investment opportunities based on their own objectives and risk tolerance. While the company offers expert advice, it does not guarantee the success of its strategies, emphasizing the risks involved in investing. Additionally, it advises clients to consult tax professionals to consider tax implications before making investment decisions.
Mountain View, CaliforniaHeadquarters
2021Year Founded
$87.5MTotal Funding
SERIES_ACompany Stage
Financial ServicesIndustries
51-200Employees
Benefits
Health insurance
High deductible health plan available with HSA contribution
Complimentary one medical membership
20 weeks of parental leave
15 days PTO annually
National & company holidays
Risks
Increased competition from other AI-driven wealth management platforms could dilute market share.
Global expansion may expose Arta Finance to geopolitical risks and regulatory challenges.
Partnerships with large entities like Google Cloud may lead to dependency risks.
Differentiation
Arta Finance democratizes wealth management using AI, making it accessible to more people.
The company offers personalized investment strategies tailored to individual client needs.
Arta Finance partners with tech giants like Google Cloud to enhance platform scalability and security.
Upsides
AI-driven personalization in wealth management is gaining traction, benefiting Arta Finance.
The demand for digital wealth management platforms is projected to grow significantly by 2030.
Arta's global expansion, including Singapore, positions it as a leader in digital wealth management.
Related Jobs
RemoteRemoteSecurity Engineer, Cloud Security
Red Cell PartnersSalary not specified
- Full Time
- Senior (5 to 8 years), Expert & Leadership (9+ years)
RemoteSecurity Architect
EarnestSalary not specified
- Full Time
- Expert & Leadership (9+ years)
RemoteSales Engineer - Federal
SpyCloudSalary not specified
- Full Time
- Expert & Leadership (9+ years)
RemoteSecurity Engineer, Infrastructure Security
OpenAI$292,500 - $405,000/year
- Full Time
- Junior (1 to 2 years)
RemoteSecurity Operations Lead
EarnestSalary not specified
- Full Time
- Senior (5 to 8 years), Expert & Leadership (9+ years)
RemotePrincipal DevSecOps Engineer
Second Front SystemsSalary not specified
- Full Time
- Senior (5 to 8 years)
RemoteSr. Information Security Analyst
ValonSalary not specified
- Full Time
- Senior (5 to 8 years)