Application Security Engineer – Remote-First

Application Security Engineer – Remote-First 🚀 Be part of a movement to change the way Europe pays. In today’s digital world, payments often still feel outdated: random delays and confusing rules make it harder than it should be to pay and get paid. The European Payments Initiative (EPI) is here to change all that, forever. With Wero, our digital wallet, we make sending and receiving money simple, seamless and secure across France, Belgium and Germany, with more countries and omnichannel solutions coming soon. Supported by 14 major banks and the two largest European acquirers, EPI is building a new, proudly European payment system: easy, instant and transparent, all for the greater good. What's in it for you We’re hiring an Application Security Engineer to embed security at the heart of our platform. In this role, you’ll act as a subject‑matter expert, guiding teams to design and build secure, scalable systems from the ground up. You’ll influence key strategic decisions on application security architecture, bring modern practices and tooling into our SDLC, and mentor Security Champions across teams. Your expertise will directly strengthen the resilience of our products and support EPI’s mission to build a trusted, sovereign European payment solution. About the team You’ll be part of a pan‑European Product & Engineering organization working at the forefront of secure payment solutions. Spread across Europe, your teammates bring diverse backgrounds and deep expertise, creating a collaborative environment where application security is a shared responsibility and a real driver of innovation. Your impact Embed security into design and development by leading threat modeling, code reviews, and secure architecture decisions Drive continuous improvement of the platform’s application security architecture through modern practices, tooling, and secure API design Contribute to strategic decisions on security architecture, testing methodologies, and tooling across engineering teams Harden scalable system architectures by applying DevSecOps practices, secure design principles, and modern authentication/authorization systems Mentor and support Security Champions to raise security awareness and maturity across teams Collaborate cross‑functionally to deliver scalable, user‑centric, and compliant payment solutions for millions of European users Document and communicate technical architecture, security guidelines, and best practices to ensure shared understanding Kotlin, Ktor, MongoDB, OpenAPI, Docker SAST/DAST/SCA tooling, Kotest To succeed, you should meet at least 70% of these requirements 5+ years of professional experience in securing highly scalable web applications Hands‑on expertise with security testing practices and tooling (SAST, DAST, SCA) and secure API design Solid understanding of secure system architecture, OWASP ASVS, and modern authentication/authorization mechanisms Familiarity with cloud‑native environments and infrastructure‑as‑code (Kubernetes, Terraform) is a plus Strong communication skills and ability to collaborate across engineering, product, and design teams Fluent in English (CEFR C1 or C2); French, German or Dutch or any additional European languages is a plus Experience in the payment or financial services industry is a plus Recruitment steps are A first call with one of our recruiters A technical interview with one of our Application Security engineers A final interview with the Head of Engineering and CISO Hopefully, an offer you can’t refuse We’re looking for someone who is not Focusing only on patching issues rather than shaping design and development Uncomfortable working in a dynamic environment with evolving priorities Preferring solo work instead of collaborating and sharing expertise with other teams Otherwise apply Our commitment to equal employment opportunities EPI offers the same job opportunities to all, without distinction of gender, ethnicity, religion, sexual orientation, social status, disability or age. EPI promotes the development of an inclusive work environment that mirrors the diversity of the clients our product is serving. Seniority level Not Applicable Employment type Other Job function Information Technology Get notified about new Application Security Engineer jobs in Paris, Île-de-France, France. #J-18808-Ljbffr