Job Description
The Pepperstone story started in 2010. We know what it’s like to trade the world’s markets. Our team describes us as a place for the curious and the driven, and we like to do things a little differently; as a transformative global fintech we’re digital, nimble, connected, and united in our vision to create a better way to trade. We thrive on progress – for our clients and for ourselves. Our organisational culture is ever-evolving, vibrant, diverse, global and results focused. You’ll find our 550+ team currently across 11 locations and 9 time zones.
The Role The Application Security Engineer exists to embed security throughout the software development lifecycle at Pepperstone. You will partner with engineering and product teams to identify, assess, and remediate security vulnerabilities in our applications and APIs, ensuring that security is a first-class citizen in every release.
You will drive adoption of secure coding practices, conduct application security assessments, and help build a security-aware engineering culture across the organisation.
This position reports to Head of Product Security, Limassol, Cyprus. Our team is made up of individuals from all walks of life, each bringing unique experiences and perspectives that enrich our work and culture. We truly value this diversity and are excited to welcome someone who is open-minded, adaptable, and enthusiastic about collaborating in a globally connected and inclusive environment.
What You’ll Be Doing
- Perform application security assessments including threat modelling, secure code reviews, and penetration testing across web, mobile, and API surfaces.
- Partner with development teams to integrate security controls into CI/CD pipelines using SAST, DAST, SCA, and secrets detection tooling.
- Identify, triage, and track vulnerabilities through to remediation, working closely with engineering teams to provide actionable guidance.
- Define and maintain application security standards, secure coding guidelines, and developer-facing security documentation.
- Champion security-by-design principles and provide hands-on guidance during the design and architecture phases of new features and products.
- Lead and support bug bounty and responsible disclosure programmes, coordinating triage and remediation of externally reported issues.
- Conduct security training and awareness sessions for software engineers, embedding secure development practices across teams.
- Evaluate third-party libraries, open-source components, and vendor integrations for security risk.
- Collaborate with the broader Security team on incident response activities related to application-layer vulnerabilities.
About You
- 8+ years of experience in information security, with at least 3 years specialising in application security or software security engineering.
- Solid understanding of common vulnerability classes including OWASP Top 10, business logic flaws, and API security risks.
- Hands-on experience with security testing tools such as Burp Suite, OWASP ZAP, Semgrep, Checkmarx, Snyk, or equivalent.
- Proficiency in at least one programming or scripting language (Python, JavaScript, Java, Go, or similar) to support code review and automation.
- Experience integrating security tooling into CI/CD pipelines (GitHub Actions, Jenkins, GitLab CI, or similar).
- Familiarity with cloud security principles across AWS, Azure, or GCP, particularly as they relate to application hosting and deployment.
- Strong communication skills with the ability to articulate security risk to both technical and non-technical stakeholders.
- Relevant certifications such as OSCP, GWEB, CEH, or equivalent are advantageous.
- Experience in a regulated financial services or fintech environment is a plus.
- Fluency in English; Hungarian language skills are an advantage.
- Ability to live the Pepperstone values.
- Committed to ongoing learning and development
Why you will enjoy working with us
- Competitive salary structure including company bonus scheme
- Genuinely collaborative and friendly culture
- Flexible and hybrid working
- Remote working option - work from anywhere for up to 6 weeks per year
- Ongoing personal development & learning opportunities
- 3 paid volunteering days per year & Workplace Giving Program
- Periodic recognition and reward programs for outstanding performance and achievements
- Frequent events and celebrations
- Comprehensive medical insurance with coverage for your healthcare needs
- Pension fund
- Employee Assistance Program & Wellbeing Initiatives
- Convenient and cozy office located near Astoria at KLUSTER Coworking
More about Pepperstone We’re a regulated online Forex and CFD trading platform. With the scale of a global fintech and the agility of a start-up, we arm our clients with everything they need to take on the global markets with confidence. You will be part of a wider passionate and friendly team, and whilst things may not always go to plan, we learn quickly and move forward with impact. To learn even more visit and
We understand it’s important to do due diligence on a prospective employer and see what our team is saying on . We respect our team members’ experiences and will never pay to remove a negative review.
Pepperstone is an equal-opportunity employer. We are passionate about building a diverse workplace and strongly encourage applications from any background.
“We are a 2025 Circle Back Initiative Employer – we respond to every applicant”.
We will be reviewing applications as they come through, so if this is an opportunity that excites you, don’t wait. Express your interest by clicking the apply button below as soon as possible.
Note to external agencies: While we appreciate the efforts of external recruitment agencies, we prefer to engage directly with applicants for this opportunity.
