About MONEYME:

MONEYME is a founder-led digital lender and Certified B Corporation™. We challenge the traditional ways of credit and simplify the borrowing experience with digital-first experiences that meet the needs of modern consumers. We offer a range of fast, flexible, and competitively priced products that span our customers’ credit lifecycle, including personal loans, credit cards, and car loans. We deliver unrivalled customer experiences powered by smart technology, speed and efficiency.

We are for ambitious Australians that expect more from life and the companies they engage with. We uphold a strong ethos of sustainability and hold ourselves accountable to the high standards of the B Corp movement. Our culture is energetic and driven, and we continually challenge the status quo… we’re nothing like your traditional finance institution. We have recently been certified as a B Corp and a Great Place To Work. We’re proud to have built a culture where people feel heard, cared for, and empowered to push boundaries. We wouldn’t be able to continually improve and grow as a company without our diverse and exceptional team.

What we are looking for:

We are looking for a Mid - Senior Cybersecurity Engineer to deliver hands on technical security across MONEYME’s application, cloud, and delivery environments. This role is application security focused, with strong accountability for secure SDLC, CI/CD security, SAST, DAST, threat modelling, vulnerability remediation, and implementation of high-risk technical controls. You will identify weaknesses through analysis and testing, validate risk with evidence, and work directly with engineering teams to drive effective remediation.

The successful candidate will operate across the full application security lifecycle, applying purple teaming practices to continuously improve both preventive and detective controls. You will act as a technical point of contact across offensive and defensive security activities, translate realistic attack paths into remediation actions, validate control effectiveness through targeted testing, and produce defensible technical evidence that supports governance and audit requirements. You will partner closely with the Cybersecurity Lead, who owns overall security strategy.

Responsibilities for this position include:

Application security and vulnerability remediation:

• Own application security across web, mobile, and API systems.

• Identify and prioritize vulnerabilities using SAST, DAST, and threat modelling.

• Assess findings against OWASP Top 10 and OWASP API Security risks.

• Drive remediation with engineering teams and validate fixes.

Secure SDLC and threat modelling

• Embed security into the software development lifecycle.

• Conduct threat modelling during design and architecture.

• Perform security reviews for new features and changes.

 DevSecOps

• Integrate SAST, DAST, dependency, and container testing into CI CD pipelines.

• Define risk based security gates and tune rulesets.

• Attack surface and purple teaming.

• Assess high risk flows involving authentication, sensitive data, APIs, and third party integrations.

• Identify risks in token handling, sessions, and API abuse.

• Conduct targeted testing and validate defensive coverage.

Blue team, cloud, and technical assurance

• Act as a technical escalation point during application, cloud, and platform security incidents

• Support detection tuning, logging quality, and threat hunting using application and cloud telemetry

• Validate security controls across applications, pipelines, cloud services, and identity components

• Support external scanning and remediation validation

To be successful in this role you must have the following:

• Bachelor’s degree in Information Security, Information Technology, or a related discipline

• Professional certifications such as CEH, OSCP or equivalent are highly regarded

• Equivalent practical experience may be considered in lieu of formal qualifications

• 3+ years of experience in cybersecurity engineering experience with strong focus on application security

• Demonstrated ownership of vulnerability remediation from discovery through validation

• Practical experience implementing and tuning SAST and DAST programs

• Strong familiarity with OWASP Top 10 and OWASP API Security Top 10

• Experience working directly with software engineers and platform teams

• Experience embedding security into the software development lifecycle

• Experience operating in regulated or high-risk environments

• Experience applying adversary driven or purple teaming techniques

Technical Skills:

• Strong understanding of web, mobile, and API security vulnerabilities and mitigations

• Hands on experience with SAST, DAST, and application security testing tools

• Ability to assess findings against OWASP risk categories and real-world exploitability

• Practical experience with threat modelling methodologies and secure design reviews

• Experience integrating security testing into CI CD pipelines

• Working knowledge of cloud security fundamentals including identity, network exposure, and workload protection

• Knowledge of secure secret handling, dependency management, and pipeline hardening

• Understanding of attacker techniques and MITRE ATT&CK

• Experience validating remediation and preventing vulnerability reintroduction

• Experience securing applications that process sensitive or regulated data

• Familiarity with Azure based environments or similar cloud platforms

Soft Skills:

• Clear and effective communicator with engineering, offensive, and defensive security teams

• Comfortable challenging design decisions while remaining solution oriented

• Strong ownership mindset focused on outcomes rather than findings

• Ability to prioritise remediation based on risk and impact

• Calm and methodical approach during production issues or security incidents

Continuous Learning:

• Commitment to staying current with application security threats, OWASP guidance, and evolving attack techniques

• Participation in professional development activities such as training, certifications, or security communities

What’s in it for you:

MONEYME’s employees and culture are core to who we are. We know that without a high-performing and engaged Team MONEYME, we will not achieve our ambitious goals for the future. We are proud to offer a collaborative and fun work environment.

Some of the benefits & perks we offer for all our employees in Manila are:

MONEYME’s employees and culture are core to who we are. We know that without a high-performing and engaged Team MONEYME, we will not achieve our ambitious goals for the future. We are proud to offer a collaborative and fun work environment.

Some of the benefits & perks we offer for all our employees in Manila are:

• HMO on Day 1 + 1 free dependent

• 15 days of vacation leaves and 15 days of sick leave

• 1 birthday leave

• Health and wellbeing initiatives like weekly sports activities and MONEYME Olympics

• Fun filled company activities - summer outings, team building, team lunch or dinner, Halloween event, year-end party and so much more!

• Complimentary snacks in the office

• MONEYME Merchandise - hoodie, T-shirt, tumbler, notebook, and id lace

• Quarter champion awards & reward trips

At MONEYME we believe in rewarding hard work. When the business is winning, so are you and we’re always investing in our employees to lead new projects and develop people’s careers. We have quarterly awards, events, bonuses and more.

MONEYME Limited is an equal opportunity employer and we value diversity, equity, and inclusion. We are committed to creating a diverse and inclusive workplace and encourage applicants from all backgrounds to apply. We believe that the unique contribution of our employees is a key driver of our success. We stand together – our diversity and inclusion give us an edge.