Join to apply for the Senior Security Application Engineer role at Pleo

About the role

We're looking for a Senior Application Security Engineer to join our Security team at Pleo. In this role, you'll help shape the future of application security at Pleo and be part of the wider effort to protect our customers’ money and data as we scale. If you're excited about applying security in pragmatic, scalable ways – and are passionate about building resilient financial products – then this is the opportunity for you!

What you’ll be doing

• Partner with engineering teams to design and review secure technical solutions
• Dive deep into authentication, encryption, and partner integration security topics
• Help triage and resolve issues identified through our bug bounty program
• Guide developers on secure coding practices and help fix identified vulnerabilities
• Support GRC and DevOps teams with automation and security controls in our CI/CD pipelines
• Help plan, prioritise, and own the Application Security roadmap
• Drive long-term security initiatives that balance automation, compliance, and access needs

What you bring

• Strong communication skills and a pragmatic approach to security
• Experience working closely with developers and product teams
• Proficiency in at least one server-side language – we mainly use Kotlin and TypeScript
• Expertise in code review and dynamic testing to identify security flaws
• A deep understanding of security libraries, controls, and common vulnerabilities
• Subject matter expertise in at least one technical area of application security
• A passion for learning and solving unfamiliar or complex problems creatively
• The ability to approach problems with honesty, curiosity, and clarity

Experience and knowledge (bonus)

• Java or Kotlin proficiency, particularly with securing JVM-based applications
• Knowledge of PCI DSS, GDPR, or PSD2 and how they apply to application security
• Supporting compliance efforts such as audits, segmentation, or access controls

Who you’ll be working with

You’ll report to our Head of Security Engineering and work closely with teams in Engineering, DevOps, GRC, and Product. Our team is highly collaborative and dedicated to enabling secure growth at scale.

How you’ll develop in this role

• In your first 6 months, lead and refine our Application Security roadmap
• Drive improvements in secure development practices across engineering teams
• Shape and execute long-term security initiatives that support scalable product growth

We’re committed to helping you develop your career, whether that means taking on bigger projects, mentoring others, or expanding your expertise into new areas.

Benefits

• Your own Pleo card (no more out-of-pocket spending)
• Lunch is on us for your work days – catered meals or a lunch allowance based on location
• Comprehensive private healthcare – options include Vitality, Alan, or Médis depending on location
• 25 days of holiday + public holidays
• Hybrid and fully remote working options
• Option to purchase 5 additional days of holiday via salary sacrifice
• Access to free mental health and well-being support
• Paid parental leave

Note

Please note: We are unable to offer visa sponsorship for this role in any of the listed locations.

Why join us?

Working at Pleo means you're working on something very exciting: the future of work. Our mission is to help every company go beyond the books. Pleo means “more than you’d expect,” and that philosophy guides our products and culture. We value diversity and inclusion and believe every candidate deserves a fair, equal opportunity to apply.

We believe company spending should be delegated to all employees and teams, automated where possible, and aligned with a culture of responsible spending. If you don't work in the office, we’ll help you set up the best remote setup possible and ensure you stay connected with your team.