About Us:
Jiway S.A., a member of the INTALIO group, is a Luxembourg-based company specializing in cutting-edge digital solutions for financial professionals in Luxembourg, Switzerland, and beyond.
As an ESR-certified organization, we focus on optimizing business processes, regulatory compliance, and operational efficiency. Our innovative platforms help banks enhance customer engagement and satisfaction.
At Jiway S.A., we foster a culture of collaboration, innovation, and ownership, supporting employee growth and work-life balance while continuously improving customer experience.
We’re hiring! Join our talented team and shape the future of financial technology.
Job Summary:
We are looking for a skilled and detail-oriented Application Security Engineer with strong experience in penetration testing, backend code security reviews (Java), and Jenkins pipeline development. The ideal candidate will play a key role in identifying vulnerabilities, improving code security, and automating secure deployment pipelines to ensure our applications are safe, stable, and efficiently delivered.
Responsibilities:
- Perform penetration testing on applications and infrastructure to identify vulnerabilities and security weaknesses.
- Conduct in-depth security reviews of Java backend code to identify insecure coding practices and potential threats.
- Design, build, and maintain Jenkins pipelines for automated builds, testing, and deployment processes.
- Collaborate with development and DevOps teams to ensure secure coding and deployment standards.
- Integrate security tools and scanning into CI/CD pipelines (e.g., static analysis (SAST) and dynamic analysis (DAST)).
- Document findings, provide remediation guidance, and help teams implement security best practices.
- Stay current with evolving threats, vulnerabilities, and mitigation strategies.
Requirements:
- Proven experience in application security, penetration testing, or DevSecOps roles.
- Strong understanding of Java backend development and common security vulnerabilities (e.g., OWASP Top 10).
- Hands-on experience with Jenkins and creating complex CI/CD pipelines.
- Familiarity with tools such as Burp Suite, OWASP ZAP, SonarQube, Snyk, or other SAST/DAST tools.
- Understanding of DevOps practices, version control (e.g., Git), and containerization (e.g., Docker, Kubernetes) is a plus.
- Excellent problem-solving and communication skills.
- Bachelor’s degree in Computer Science, Cybersecurity, or related field (or equivalent practical experience).
Nice to Have:
- Certifications such as OSCP, CEH, CISSP, or GIAC.
- Experience with cloud platforms (AWS, Azure, GCP) and securing cloud-native applications.