Application Security Engineer

The Role

We are looking for an Application Security Engineer to be a core technical pillar of our new Application Security team. This is a hands-on technical leadership role without people management responsibilities.

You will be the go-to person for security architecture, secure coding practices, and vulnerability management.

Your primary mission is to ensure the integrity of our core platforms—the Exchange and GRX Pay—by building automated security systems and defining the standards that protect our users' assets. You will analyze the existing infrastructure to understand its strengths and weaknesses, developing a clear strategy to harden and evolve it.

While this is a remote-first role, you should be based in a CET-adjacent timezone to collaborate effectively with colleagues. You can also expect to travel for periodic in-person team gatherings.

What You’ll Do

• Architect Secure Systems: Design, build, and maintain the security frameworks for our web and mobile applications, ensuring security is baked into the platform from the start.
• Audit and Hardening: Analyze the existing codebase and infrastructure to identify vulnerabilities. Develop and execute a strategy for incrementally refactoring legacy features into the new, secure platform.
• Secure the Exchange: Profile and optimize our applications to ensure a reliable and secure experience for the data-intensive Golden Ratio Exchange.
• Set the Standard: Define and enforce best practices for code quality, security testing, and automated vulnerability scanning (e.g., SAST, DAST) across all codebases.
• Technical Leadership: Act as the primary technical mentor for other engineers regarding secure development life cycles (SDLC). Solve the most complex challenges related to cryptography and data protection.
• Collaborate: Work closely with the Security Manager and Product teams to translate business needs into scalable, secure technical solutions.

What We’re Looking For

• Experience: 3+ years of professional experience in application security or software engineering with a heavy focus on security.
• Legacy Systems Experience: Demonstrable experience working with and securing large, existing codebases. You see complex legacy code as a challenge to be solved, not avoided.
• Technical Expertise: Expert-level knowledge of web and mobile security vulnerabilities (OWASP Top 10) and deep familiarity with TypeScript or React environments.
• Security Mindset: Experience building or maintaining shared security libraries or automated security tooling. You enjoy building tools that make other developers more productive and secure.
• Quality Focus: A deep commitment to code quality, automated testing, and integrating security into CI/CD pipelines.
• Location: Based in a timezone adjacent to Central European Time (CET) for optimal team collaboration.
• Communication: Excellent skills in articulating complex technical security concepts clearly to both technical and non-technical stakeholders.

What We Offer

• High-Impact Role: A unique opportunity to be a founding technical expert for application security, making key architectural decisions.
• Clear Ambition: The chance to join a company with a clear goal of becoming the #1 crypto platform in the EU.
• Greenfield Culture, Brownfield Code: A rare chance to join a new company culture with no baggage, while solving the interesting technical challenges of a mature product.
• Flexibility & Connection: A 100% remote-first role with periodic, all-expenses-paid team gatherings and a new hub in Ticino, Switzerland.