Senior Application Security Engineer

We are

At Cross River, we're building the financial infrastructure that powers global innovation. With our cutting-edge suite of embedded payments, cards, and lending solutions, we enable millions of businesses and consumers to transact seamlessly and securely.

With 900+ employees worldwide and an R&D center of over 160 employees in Jerusalem - we’re reshaping how financial technology is developed and delivered.

Requirements:

What You Bring to the Table

Native level fluency in English and Hebrew (written and verbal) - Must
7+ years in software security engineering, including 4-5 years in AppSec of secure development enablement roles
Strong coding ability in one or more modern languages (JavaScript/TypeScript, Python, Go, Java, C#)
Proven experience teaching, mentoring, or enabling developers through training, code reviews, threat modeling, internal talks, or champion programs
Deep understanding of secure coding principles, common vulnerability classes, API security, and secure design techniques
Hands-on Experience with AppSec tooling (SAST, SCA, IaC scanners, secret scanning) and integrating them into the developer workflows
Experience with cloud native architectures and security in AWS or Azure
Familiarity with compliance and security frameworks (PCI DSS, SOC 2, FEIEC, NIST, OWASP, ASVS)
Excellent communication and storytelling skills - able to break down complex issues into simple, practical guidance
A collaborative mindset and passion for building a positive, empowering security culture

The Role:

We’re seeking a Senior Application Security Engineer who is first and foremost a teacher, advisor, and enabler for our development teams.

Rather than owning security alone, you’ll embed secure-by-design thinking across engineering by mentoring developers, guiding architecture decisions, and making secure development intuitive and frictionless.

You’ll serve as the go-to partner for developers and engineering leaders, offering clear direction, practical solutions, and hands-on mentorship that strengthens our secure SDLC.

Who You Are:

A proactive self-starter with deep expertise in application and cloud security
Passionate about secure development and enabling engineers through thoughtful guardrails
Clear and confident communicator who can influence across technical and non-technical teams
Curious about emerging threats and excited by the challenges of blockchain security
Committed to excellence, with a strong sense of ownership and a drive to build secure systems that scale

What You’ll Actually Be Doing:

Mentor, coach, and educate developers on secure coding through workshops, training sessions, pair reviews, and ongoing guidance
Lead and scale a Security Champions program embedded within engineering teams
Facilitate threat modeling sessions and design reviews, partnering with teams early in the process to improve security outcomes
Collaborate with engineering leadership to ensure secure architecture patterns, API security practices, and design principles are built in from day one
Integrate and tune developer-friendly AppSec guardrails into CI/CD pipelines (SAST, SCA, IaC, secret scanning) while minimizing noise for developers
Translate vulnerabilities into clear, actionable remediation guidance that developers can easily implement
Support security awareness across engineering by building engaging internal content, best-practice playbooks, and reusable patterns
Partner with compliance teams to produce documentation and SDLC evidence supporting FFIEC, PCI DSS, and SOC 2 requirements
Stay current on emerging threats, developer tooling, and secure engineering patterns — sharing insights regularly with the team

Why You’ll Love Working Here:

Flexible hybrid model: 3 days a week in the office – A must
₪1,000 net monthly wellness benefit – from therapy to Pilates to your kid’s art class
Full Keren Hishtalmut, private health & dental insurance
Donation matching, volunteering days, team outings, and mentorship programs
A mission-driven culture that values ownership, trust, and meaningful impact

Next Step:

Hit Apply. Bring your AppSec mastery abilities. We’ll bring the challenge – and the snacks.