Lead Security Engineer - InfoSec

Company Overview

Arcesium is a global financial technology firm that solves complex data-driven challenges faced by some of the world’s most sophisticated financial institutions. We constantly innovate our platform and capabilities to meet tomorrow’s challenges, anticipate the risks our clients encounter, and design advanced solutions to help our clients achieve transformational business outcomes.   

Financial technology is a high-growth industry as change and innovation continue to disrupt the status-quo and prompt major transformation. Arcesium is at a particularly interesting time in our own growth as we look to leverage our successfully established market position and expand operations in pursuit of strategic new business opportunities. We value intellectual curiosity, proactive ownership, and collaboration with colleagues, and we empower you to meaningfully contribute from day one and accelerate your professional development.

About the Role

We are looking for a bright and exceptional Lead Security Engineer to join our Information Security team in Lisbon. As a Lead Security Engineer, you will play a critical role in proactively identifying and addressing security vulnerabilities across our systems. You’ll lead penetration testing efforts and act as a trusted security advisor to our engineering teams, driving best practices across the organization.

The InfoSec team is responsible for ensuring that developers across the firm release secure software and it promotes secure SDLC culture.  The team works closely with Engineering teams on security design/code/app reviews as well as build common security solutions for dev teams to reuse. The InfoSec team is also responsible to drive internal and external audit within the firm and it takes care of Security Monitoring and Cloud Security aspects as well.

What you'll do:

• Lead and execute advanced manual penetration testing of web applications, cloud infrastructure, and internal systems, simulating real-world attack scenarios to uncover critical vulnerabilities.
• Partner closely with development and infrastructure teams to provide actionable, context-aware remediation strategies, ensuring security is embedded throughout the software lifecycle.
• Serve as a subject matter expert on secure development practices, influencing design and architecture decisions across teams to uphold robust security standards.
• Clearly communicate findings, risks, and recommendations - both verbally and in writing - to technical and non-technical audiences, driving alignment and accountability.
• Work closely with the global Security Monitoring team to provide coverage and handle escalations during your time zone.
• Champion a security-first culture by mentoring engineers, contributing to internal security standards, and guiding incident response preparedness.
• Stay ahead of emerging threats and technologies by continuously monitoring the evolving security landscape and integrating insights into ongoing initiatives.

What you'll need:

• 5+ years of experience in Engineering, out of which at least 3+ years in the security engineering field
• Handson development experience in programming languages like Java or Python
• Technical background in Application Security Testing, Security Code Reviews, security design and architecture reviews
• Knowledge of common application security attacks (e.g. Deserialization attacks, Injections attacks, SSRF, XSS, SQL Injection, XSRF, buffer overruns, DoS, etc)
• Prior experience with Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools and using them for Application Security reviews
• Must have reviewed SAST, DAST, SCA tool results and worked with development teams about its resolutions
• Strong understanding of Third-Party Library Vulnerability management processes
• Exposure to Encryption and Key Management concepts
• Experience in Cloud Security (preferred cloud environment - AWS), Container and Kubernetes security
• Strong understanding of security fundamentals and general security technologies.
• Excellent communicator, comfortable discussing with technical staff and management.
• Strong interpersonal skills as well as excellent written and verbal communication skills
• Have the legal right to work in the country (mandatory)

Good to have Skills:

• SAST/DAST/SCA tools integration in CI/CD pipeline - design, implementation
• Experience working with Gitlab
• Certifications like OCSP, OSWE or OSWA
• Firewall / Security monitoring / DLP related experience with tools like Zscaler, Palo, EntraID, CrowdStrike
• Monitoring tools like Grafana, Prometheus, Elasticsearch, Splunk or other monitoring tools

Why Join Arcesium

At Arcesium, we offer:

• Flexible work arrangements (hybrid model) and a casual dress code
• Opportunity to work on challenging projects in a dynamic, global environment
• Continuous learning and development opportunities
• Collaborative and innovative work culture
• Competitive compensation and benefits package
• Modern and comfortable office located at Avenida da Liberdade (Lisbon)

Join our team and play a crucial role in shaping Arcesium's future!

Arcesium and its affiliates do not discriminate in employment matters on the basis of race, color, religion, gender, gender identity, pregnancy, national origin, age, military service eligibility, veteran status, sexual orientation, marital status, disability, or any other category protected by law. Note that for us, this is more than just a legal boilerplate. We are genuinely committed to these principles, which form an important part of our corporate culture, and are eager to hear from extraordinarily well qualified individuals having a wide range of backgrounds and personal characteristics.