Application Security Engineer (m/f)

Job Information

Location: Zurich, hybrid
Workload: Full-time

This is a hands-on technical role for someone who can operate deeply across modern application security disciplines and cloud-native environments. You will contribute to application security across our platform, covering web, mobile, APIs, backend services, and cloud infrastructure, by embedding security into engineering processes, CI/CD pipelines, and runtime environments.

Your main responsibilities include:
  • Integrate and improve security controls within CI/CD pipelines including SAST, DAST, SCA, and IaC scanning to strengthen DevSecOps practices.
  • Configure, operate, and optimise application security tooling, ensuring findings are actionable and integrated into engineering workflows.
  • Partner with engineering, platform, and product teams to design and implement secure-by-design architectures, perform threat modelling and promote secure development practices.
  • Evaluate open-source dependencies and contribute to software supply chain security initiatives.
  • Assess and secure AI-enabled applications and services, including AI/LLM integrations, AI supply chain risks, model security controls, and secure deployment patterns.
  • Review and harden Infrastructure-as-Code implementations to enable secure cloud deployment patterns and reusable guardrails.
  • Assess the security design of smart contracts, blockchain integrations, and third-party Web3 services.
  • Partner with SOC and engineering teams to improve detection, alerting, and response capabilities for application-layer threats.

Your profile:
You are an experienced technical security expert who can demonstrate the following skills and experience:
  • 5-7+ years of deep, hands-on experience in application security or DevSecOps in modern engineering environments.
  • Strong experience securing cloud-native architectures (AWS and Azure preferred).
  • Deep understanding of Kubernetes security, containers, and IaC security.
  • Experience reviewing Infrastructure-as-Code and performing secure code reviews across backend, web, and/or mobile applications.
  • Practical knowledge of application security standards, e.g. OWASP Top 10 and API Top 10 in real-world systems.
  • Familiarity with runtime application security concepts including observability, detection engineering, and production security monitoring.
  • Strong understanding of API security concepts including authentication, authorisation, API gateways, and modern identity patterns.
  • Ability to work directly with engineers and influence design and implementation decisions.
  • Experience building AI agents and applying AI to automate security workflows.
  • Solid understanding of cryptography fundamentals and key management (KMS/HSM).
  • Relevant education, certifications, or equivalent practical experience.

Bonus points for:
  • Experience with digital asset custody, web3, smart contract or transaction signing workflows.
  • Track record of owning or building an application security function.
  • Background in offensive security, red teaming, or bug bounty.
  • Experience with financial services regulatory requirements (FINMA, MAS, DORA).

Required Skills
  • Azure
  • Security
  • Senior
  • CLOUD
  • Mobile
  • Monitoring
  • AWS
  • Banks / Financial Companies
  • DevOps
  • MAS
Job Details
  • Job Status: Active
  • Workload: Full-time