Security Engineer

About Paybis

Paybis is an international fintech company operating in the crypto and payments space. We build secure, user-friendly products for individual and corporate clients across the globe. As we prepare for MiCA/DORA and scale our security posture, we are making a foundational hire for Product Security & Security Operations.

Role Purpose

We are looking for a hands-on Security Engineer with strong application security expertise to take end-to-end ownership of the On-Ramp product security and help shape Paybis’ future Security Operations function.

Immediate priority: close visibility gaps, strengthen fraud and abuse detection, eliminate unauthorized partner behaviour, and stabilise On-Ramp incident response.
Long-term priority: expand into broader AppSec initiatives and co-develop a scalable security operations capability with the incoming CISO.

Key Responsibilities

First 3–6 Months: On-Ramp Product Security

• Take full ownership of On-Ramp product security end-to-end.
• Detect, investigate, and respond to fraud attempts and partner misuse.
• Analyse logs, signals, and behaviours to identify malicious patterns.
• Conduct threat modelling and propose security improvements.
• Partner with the Ramp Stream to implement fixes and secure-by-design product changes.
• Build visibility, accountability, and predictability into the On-Ramp security workflow.
• Produce structured incident, vulnerability, and mitigation reports for CTO/CIO.

Long-Term: Application Security & Security Operations

• Perform application threat modelling across product lines.
• Conduct code reviews to identify security weaknesses (OWASP, CWE, business logic flaws).
• Support incident response (attack reproduction, RCA, mitigation guidance).
• Introduce secure coding standards and AppSec best practices.
• Develop security automation for CI/CD (SAST, SCA, IaC scanning).
• Collaborate with CISO to build a sustainable Security Operations framework.

• Improve tooling, monitoring, and early detection of abuse.

Required Technical Expertise (Must-Have)

• Strong application security or secure backend engineering background.
• Proficiency in at least one backend language (Python, Go, Node.js, Java, PHP).
• Deep understanding of OWASP Top 10, CWE, and business logic vulnerabilities.
• Threat modelling experience (STRIDE, attack trees, misuse cases).
• Hands-on security testing: Burp Suite, ZAP, SAST/DAST/IAST.
• AWS foundations (identity, networking, secrets), Docker, Kubernetes, IaC basics.
• Incident response experience: log analysis, attack reproduction, RCA.

Nice-to-Have

• Security automation, DevSecOps.
• API and microservices security best practices.
• Experience in fintech or crypto.
• Familiarity with MiCA/DORA implications.
• Experience detecting abuse, bot activity, and rate limiting bypasses.

Soft Skills

• Strong ownership mindset — end-to-end accountability.
• Calm under pressure, especially during high-impact incidents.
• Clear, structured, analytical communication.
• Ability to collaborate with Engineering, Product, Fraud, DevOps.
• Ability to influence without direct authority.
• Comfortable operating in ambiguity and building structure from scratch.

Why Join Paybis

• Impact: This is a foundational role shaping the company's security operations.
• Autonomy: Full ownership of one of the company’s most critical products.
• Growth: Direct collaboration with CTO, CIO, and incoming CISO.
• Culture: Fast-moving fintech environment with high trust and responsibility.
• Flexibility: Remote-first setup aligned with EU time zones.
• Compensation: Competitive salary, performance-based bonus, and benefits.

Interview Process

1. HR (culture fit)
2. Technical Deep Dive (AppSec & Product Security)
3. Technical Interview
4. Final Stakeholder Interview (ownership, collaboration)