Application Security Engineer

Join the fastest growing fintech in Europe. Copper is the connection between the worlds of Crypto Currency and Institutional finance. We’ve created the trading applications that enable vast sums of crypto-assets to move quickly and securely between exchanges and hedge funds, bridging the gap between private banks and high net-worth Crypto investors. Our culture is […]

Lauren Arnett

Join the fastest growing fintech in Europe.

Copper is the connection between the worlds of Crypto Currency and Institutional finance.

We’ve created the trading applications that enable vast sums of crypto-assets to move quickly and securely between exchanges and hedge funds, bridging the gap between private banks and high net-worth Crypto investors.

Our culture is based on innovation, enthusiasm and above all else collaboration.

Department environment

The role forms part of the DevSecOps team and reports to the AppSec Lead. It will have close ties with the Dev team as well. While we are considered a FinTech we are at our core a development house, where secure and intelligent code delivery is our primary output. We are also a vigilant group knowing full well the asymmetry of defending crypto-based assets, making this role crucial for the business and our long-term success. The role requires someone who is fanatical about information security and who can implement and envision defences that are beyond the standard guild lines, because our threats are not standard.

Job description

As an Application Security Engineer, you will be on the frontline for the Information Security team’s investment in software delivery. Advising our developers on new projects and evolving our suite of SDLC tooling and their output. You will be expected to help develop and expand the AppSec capabilities of the business.

Your responsibilities will include:

  • Act as the voice of security in dev projects and their deployments
  • Evolve our current tooling within the SDLC to better protect Copper’s code delivery
  • Advise developers on incidents and findings uncovered by our tooling, and remediations thereof
  • Aid in threat modelling the code base, infrastructure, and deployments

Your experience, skills and knowledge – what we need from you

  • 2+ years of experience in information security
  • Development and/or security background with specific AppSec experience (such as with SAST, DAST, or SCA) and experience analysing vulnerabilities and guiding remediation
  • Ability to communicate security concerns to a technical savvy crowd
  • Strong information security fundamentals
  • Strong technical fundamentals – knowledge and previous experience of a programming language required

Success Factors

  • Experience with Scala and/or Java
  • Experience using AppSec scanning tools (such as SAST, SCA, DAST, IAST, Container Scanning and IaC scanning)
  • Experience with the deployment and integration of AppSec tools into build pipelines
  • Experience working closely with developers on remediation of detected vulnerabilities, as well as general guidance on any raised queries
  • Awareness of vulnerability lists such as the OWASP top 10
  • Sound knowledge of a standard SDLC process, including familiarity with Git, Build Pipelines and Build Tools. Knowledge of DevOps practices, specifically familiarity with CI/CD.
  • Experience using AWS – experience with technologies such as Docker containers, EC2s, AMIsm and cluster management
Independent custody
connected to multiple exchanges
Our settlements and clearing service is backed by our award winning custody technology
We would like to use analytics cookies
to improve site experience.  View policy