Application Security Business Partner

EMCD is a leading technology company in the crypto industry, best known as the largest mining pool in Eastern Europe. We are expanding globally and building a comprehensive ecosystem of crypto services, including payment infrastructure, custody, mining solutions and enterprise-grade tools for businesses and institutions.

We are looking for an experienced Application Security Business Partner to work closely with multiple development teams and act as a key point of contact for application security. This role combines deep technical expertise with strong collaboration skills and focuses on embedding security into product development from early design stages through release and operation.

Key Responsibilities

• Close collaboration with development teams to analyze business requirements and assess their impact on application and service security.
• Threat modeling for applications and services, with clear recommendations for mitigation strategies and security controls.
• Preparation of application security requirements and oversight of their implementation throughout the development lifecycle.
• Security reviews of system architecture, source code, and release artifacts, including security testing of applications and services.
• Tracking and controlling vulnerability remediation, working directly with engineering teams to ensure timely resolution of security issues.
• Collaboration with DevSecOps teams on integrating security scanners and controls into CI/CD pipelines.
• Continuous security testing and code review activities aimed at improving the overall security posture of products and services.

Requirements

• Hands-on experience in application security or a closely related security engineering role.
• Strong understanding of common application threats and vulnerabilities, including OWASP Top 10, OWASP Mobile Top 10, and CWE Top 25.
• Knowledge of application security standards and best practices, with the ability to apply frameworks such as OWASP ASVS and WSTG in real-world scenarios.
• Understanding of infrastructure fundamentals, containerization concepts, and associated security risks.
• Familiarity with microservice architectures and modern approaches to securing distributed systems.
• Programming experience in Go, Python, or JavaScript is a strong advantage.
• Comfort working with modern technology stacks, including Docker, Kubernetes, virtual machines, GitLab or GitHub CI/CD, Ansible, Terraform, ArgoCD, relational and in-memory databases, and modern frontend and backend frameworks.

Challenges

• Embedding security practices into fast-moving development teams without slowing down product delivery.
• Balancing business requirements, developer experience, and security controls in complex, distributed systems.
• Identifying and prioritizing real-world risks across multiple services and teams in a high-load fintech and crypto environment.
• Ensuring consistent application security standards across products built with different technologies and architectures.
• Keeping security practices up to date in an evolving threat landscape while supporting continuous delivery.

What We Offer

• We operate as a remote-first company, and you can work from anywhere in the world without location constraints. 
• Working hours are fully flexible. 
• We provide extended time off: 28 paid vacation days per year, plus 12 additional bonus days. 
• Sick leave is fully paid and handled without unnecessary bureaucracy. 
• We support professional growth by covering the cost of relevant courses, certifications, and training programs. 
• You will have real impact and ownership of meaningful, high-value tasks, along with the opportunity to help shape core infrastructure in the fintech and crypto space.

Apply today and help us build the future of crypto!