Application Security Engineer

Description

We are

At Cross River, we're building the financial infrastructure that powers global innovation. With our cutting-edge suite of embedded payments, cards, and lending solutions, we enable millions of businesses and consumers to transact seamlessly and securely. 

With 900+ employees worldwide and an R&D center of over 160 employees in Jerusalem - we’re reshaping how financial technology is developed and delivered. . 

The Role

We’re seeking a Senior Application Security Engineer to be the go-to security expert for our software and blockchain engineering teams. In this high-impact role, you’ll embed security across the entire SDLC - from CI/CD pipelines to smart contracts—helping us build secure-by-design systems that power the future of fintech and digital assets.

You’ll lead threat modeling, drive secure development practices, and automate guardrails that make security effortless for developers. As part of a collaborative security team, you’ll influence architecture, compliance, and innovation while protecting millions of users and billions in assets.

Who You Are

A proactive self-starter with deep expertise in application and cloud security

Passionate about secure development and enabling engineers through thoughtful guardrails

Clear and confident communicator who can influence across technical and non-technical teams

Curious about emerging threats and excited by the challenges of blockchain security

Committed to excellence, with a strong sense of ownership and a drive to build secure systems that scale

What You’ll Actually Be Doing

• Integrate security tools (SAST, DAST, SCA, secret scanning) into CI/CD pipelines using GitHub Actions, Jenkins, and related DevOps tooling
• Lead threat modeling and secure architecture reviews for new features, APIs, and blockchain systems
• Conduct smart contract security reviews and advise on cryptographic and wallet security patterns
• Coordinate penetration tests, manage bug bounty reports, and track remediation through development teams
• Build reusable security components, libraries, and developer-friendly guardrails
• Deliver internal training, build a security champion network, and drive adoption of AppSec best practices
• Produce security metrics, documentation, and audit evidence to support FFIEC, PCI DSS, SOC 2 compliance
• Stay current on evolving threats in blockchain, DeFi, GenAI, and supply-chain ecosystems

Requirements

What You Bring to the Table

• Native-level fluency in both English and Hebrew (written and verbal) - Must 
• 7+ years in software or security engineering, including 5+ in application security roles
• Strong coding skills in a modern language (e.g., JavaScript/TypeScript, Python, Go, Java, C#)
• Deep experience securing cloud-native applications and APIs in AWS, Azure, or similar environments
• Hands-on experience with blockchain platforms - smart contract audits, key management, or custody
• Familiarity with modern DevSecOps pipelines and AppSec tooling (SAST, SCA, IaC scanners)
• Working knowledge of PCI DSS, NIST, OWASP ASVS, and other security frameworks
• Excellent problem-solving and communication skills, with the ability to influence engineers and leadership

Why You’ll Love Working Here

You’ll help secure some of the most innovative products in fintech and crypto - while collaborating with brilliant, supportive teammates who care deeply about doing things the right way. Our security culture is proactive, collaborative, and continuously improving. You’ll have the autonomy to lead impactful initiatives, influence design from day one, and grow alongside a team that’s invested in modern tooling and professional development.

Next Step

Hit Apply. Bring your AppSec mastery abilities. We’ll bring the challenge – and the snacks.