Senior Application Security Engineer

Description

We are

At Cross River, we're building the financial infrastructure that powers global innovation. With our cutting-edge suite of embedded payments, cards, and lending solutions, we enable millions of businesses and consumers to transact seamlessly and securely.

With 900+ employees worldwide and an R&D center of over 160 employees in Jerusalem - we’re reshaping how financial technology is developed and delivered.

THE ROLE

We’re seeking a Senior Application Security Engineer who is first and foremost a teacher, advisor, and enabler for our development teams.

Rather than owning security alone, you’ll embed secure-by-design thinking across engineering by mentoring developers, guiding architecture decisions, and making secure development intuitive and frictionless.

You’ll serve as the go-to partner for developers and engineering leaders, offering clear direction, practical solutions, and hands-on mentorship that strengthens our secure SDLC.

Who You Are

• A proactive self-starter with deep expertise in application and cloud security
• Passionate about secure development and enabling engineers through thoughtful guardrails
• Clear and confident communicator who can influence across technical and non-technical teams
• Curious about emerging threats and excited by the challenges of blockchain security
• Committed to excellence, with a strong sense of ownership and a drive to build secure systems that scale
  
  

• Mentor, coach, and educate developers on secure coding through workshops, training sessions, pair reviews, and ongoing guidance
• Lead and scale a Security Champions program embedded within engineering teams
• Facilitate threat modeling sessions and design reviews, partnering with teams early in the process to improve security outcomes
• Collaborate with engineering leadership to ensure secure architecture patterns, API security practices, and design principles are built in from day one
• Integrate and tune developer-friendly AppSec guardrails into CI/CD pipelines (SAST, SCA, IaC, secret scanning) while minimizing noise for developers
• Translate vulnerabilities into clear, actionable remediation guidance that developers can easily implement
• Support security awareness across engineering by building engaging internal content, best-practice playbooks, and reusable patterns
• Partner with compliance teams to produce documentation and SDLC evidence supporting FFIEC, PCI DSS, and SOC 2 requirements
• Stay current on emerging threats, developer tooling, and secure engineering patterns — sharing insights regularly with the team
  
  

• Native level fluency in English and Hebrew (written and verbal) - Must
• 7+ years in software security engineering, including 4-5 years in AppSec of secure development enablement roles
• Strong coding ability in one or more modern languages (JavaScript/TypeScript, Python, Go, Java, C#)
• Proven experience teaching, mentoring, or enabling developers through training, code reviews, threat modeling, internal talks, or champion programs
• Deep understanding of secure coding principles, common vulnerability classes, API security, and secure design techniques
• Hands-on Experience with AppSec tooling (SAST, SCA, IaC scanners, secret scanning) and integrating them into the developer workflows
• Experience with cloud native architectures and security in AWS or Azure
• Familiarity with compliance and security frameworks (PCI DSS, SOC 2, FEIEC, NIST, OWASP, ASVS)
• Excellent communication and storytelling skills - able to break down complex issues into simple, practical guidance
• A collaborative mindset and passion for building a positive, empowering security culture
  
  

• Flexible hybrid model: 3 days a week in the office – A must
• ₪1,000 net monthly wellness benefit – from therapy to Pilates to your kid’s art class
• Full Keren Hishtalmut, private health & dental insurance
• Donation matching, volunteering days, team outings, and mentorship programs
• A mission-driven culture that values ownership, trust, and meaningful impact