Alliance for Recruitment

Senior Application Security Engineer

5800 - 8000 €/month
Before taxes

Job description:

  • Design, implement, and aggressively scale a Secure Software Development Life Cycle (SSDLC). You will define the processes, select the tools, and set the standards for secure coding across the engineering organization.
  • Run developer security training.
  • Lead threat modeling and security architecture reviews.
  • Embed security across the SDLC, from backlog to production.
  • Integrate and tune security scanning tools (SAST, DAST, SCA, IAST, secret scanning) to catch vulnerabilities and security risks early.
  • Research novel attack techniques and security weaknesses, and automate their detection using innovative tools and approaches.
  • Triage, validate, and prioritize vulnerabilities discovered through automated tools and external penetration tests. Guide the engineering teams on effective remediation strategies.
  • Partner with platform engineers on container, API, and infrastructure security.
  • Collaborate closely with stakeholders across Security, Privacy, and Compliance to integrate security capabilities into banking applications.
  • Support incident response for application-level events and drive lessons learned.
  • Establish KPIs for application security to track our risk posture, visibility, and remediation velocity.

Requirements:

  • 5+ years in application security, or a senior engineering role with a strong security focus.
  • Track record of building or maturing an AppSec function.
  • Deep knowledge of OWASP, ASVS, and modern web and API attack techniques.
  • Hands-on threat modeling experience (STRIDE, attack trees, or similar).
  • Strong skills in at least one backend language (Java, Kotlin, Go, Python, or similar).
  • Experience integrating security tooling into CI/CD (GitHub Actions, GitLab CI, Jenkins, or similar).
  • Familiarity with cloud (AWS, Azure, or GCP) and container security (Docker, Kubernetes).
  • Able to explain risk clearly to both engineers and non-technical stakeholders.
  • Comfortable working autonomously and shaping your own roadmap.

Nice to have:

  • Fintech, banking, or other regulated industry background.
  • Knowledge of DORA, PCI DSS, or NIS2.
  • Offensive security experience (CTFs, bug bounty, OSCP, or similar).
  • Contributions to open source security tools or research.

Company offers:

  • Competitive Compensation: Structured annual salary review with performance-based bonuses.
  • Hybrid Work Model: Enjoy the flexibility of working both in a modern Kaunas office and remotely.
  • Growth Opportunities: Participate in tailored career development programs and take on exciting challenges in a dynamic environment.
  • Perks and Benefits: Health insurance after probation, additional trust days, team-building events, and involvement in charitable activities.
  • Supportive Environment: Join a company that values teamwork, creativity, and continuous learning.
  • Health & Well-being: Private health insurance, wellness initiatives, and annual health check-ups.
  • Financial Security: Pension or investment plan with employer-matching contributions.
  • Additional Time Off: Extra leave, sick days without a certificate, and support during difficult times.
  • Bonuses & Support: Referral bonus and financial support in special situations.
  • Culture & Community: Engagement platform, team events, and seasonal gifts.
  • Flexibility: Hybrid work model and flexible working hours.

City:
Vilnius
Remote work:
No
Working time:
Full-time
Valid until:
18/06/2026
