Our Technology team builds the systems and experiences that keep Revolut moving. From the infrastructure behind our innovative app to the features used by millions of people around the world, they bring sharp thinking, speed, and a focus on meaningful impact to everything they do.
We’re looking for an Application Security Engineer to keep our software safe from threats and vulnerabilities. Youll be designing and building apps with security in mind while testing, monitoring, and protecting our systems along the way.
Up to shape whats next in finance? Lets get in touch.
responsibilities :
Performing security assessments on product designs, mobile apps (iOS/Android), web applications, and APIs
Participating in Red Team missions and threat-led testing scenarios to simulate real-world attacker behaviours and validate detection and response capabilities
Leading and conducting penetration testing across applications, infrastructure, and APIs, using a mix of manual techniques and automated tools
Managing and evolving our private bug bounty programme, validating submissions, collaborating with researchers, and ensuring timely resolution of valid findings
Contributing to and influencing cloud security posture, identifying misconfigurations and working with DevOps to implement best practices across GCP and AWS
Partnering closely with engineering teams to embed security into the software development lifecycle, offering guidance on secure architecture and threat modelling
Developing and enforcing internal AppSec standards, policies, and practices aligned with OWASP, NIST, and industry benchmarks
Continuously researching and evaluating emerging threats, tools, and technologies to stay ahead of the evolving threat landscape
Contributing to internal security training sessions, knowledge sharing, and mentoring of junior team members
requirements-expected :
3+ years of hands-on experience in application security, penetration testing, or a related security engineering role
A solid understanding of common web, mobile, and API vulnerabilities (e.g., OWASP Top 10, CWE) and practical approaches to identify and remediate them
Experience conducting code reviews, design reviews, and threat modelling for modern application architectures
Familiarity with DevSecOps practices and integrating security tooling into CI/CD pipelines
Working knowledge of authentication, authorisation, session management, and cryptographic best practices
Proficiency with security tools, such as Burp Suite, MobSF, Frida, or custom scripts, for dynamic and static analysis
A basic understanding of cloud security principles and experience working with GCP or AWS environments
Great communication skills with the ability to collaborate effectively with Engineering, Product, and DevOps teams
A proactive mindset with a passion for solving complex problems and driving secure engineering practices
The ability to work independently while also being a trusted team player in a fast-paced environment
offered :
Financial benefits that show we value your work
Medical insurance for you and your close ones
Flexibility to work from home, the office or abroad
A free Revolut Metal subscription loaded with perks
Exciting events year-round so you can get to know your team
