Senior Security Application Engineer Lisboa

Overview

At Pleo, we’re on a mission to revolutionise the way businesses manage company spending. We’re creating tools that promote autonomy, foster trust, and let businesses focus on what truly matters. You’ll join a transparent, collaborative culture focused on innovation and secure growth.

We’re looking for a Senior Application Security Engineer to join our Security team. In this role, you’ll help shape the future of application security at Pleo and protect our customers’ money and data as we scale. If you’re excited about applying security in pragmatic, scalable ways and building resilient financial products, this is the opportunity for you.

What you’ll be doing

• Partner with engineering teams to design and review secure technical solutions.
• Dive deep into authentication, encryption, and partner integration security topics.
• Help triage and resolve issues identified through our bug bounty program.
• Guide developers on secure coding practices and help fix identified vulnerabilities.
• Support GRC and Dev
  Ops teams with automation and security controls in our CI/CD pipelines.
• Help plan, prioritise, and own the Application Security roadmap.
• Drive
  - term security initiatives that balance automation, compliance, and access needs.

What you bring

• Strong communication skills and a pragmatic approach to security.
• Experience working closely with developers and product teams.
• Proficiency in at least one
  - side language – Kotlin and Type
  Script are mainly used.
• Expertise in code review and dynamic testing to identify security flaws.
• A deep understanding of security libraries, controls, and common vulnerabilities.
• Subject matter expertise in at least one technical area of application security.
• A passion for learning and solving unfamiliar or complex problems creatively.
• The ability to approach problems with honesty, curiosity, and clarity.

Bonus experience

• Java or Kotlin proficiency, particularly with securing JVM-based applications.
• Knowledge of PCI DSS, GDPR, or PSD2 and how they apply to application security.
• Supporting compliance efforts such as audits, segmentation, or access controls.

Team structure and reporting

You’ll report to our Head of Security Engineering and work with Engineering, Dev
Ops, GRC, and Product teams. You’ll have opportunities to collaborate
- functionally across Pleo to strengthen our security posture.

Career development

In your first 6 months at Pleo, you’ll:

• Lead and refine our Application Security roadmap.
• Drive improvements in secure development practices across engineering teams.
• Shape and execute
  - term security initiatives that support scalable product growth.

We’re committed to helping you develop your career through bigger projects, mentoring, and exploring new areas.

Benefits

• Your own Pleo card (no more
  -
  - pocket spending).
• Lunch provided or a lunch allowance on workdays.
• Comprehensive private healthcare options, depending on location.
• 25 days of holiday plus public holidays.
• Hybrid and fully remote working options.
• Option to purchase 5 additional days of holiday through a salary sacrifice.
• Access to mental health and
  - being support.
• Paid parental leave to support families.

Please note: We are unable to offer visa sponsorship for this role in any of the listed locations.

About your application

• Please submit your application in English.
• We treat all candidates equally and ask you to apply through our application system.
• We value diversity and encourage people from all backgrounds to apply.
• When you submit an application, we process your personal data as a data processor. Find out more in the FAQs on our jobs page.

Referrals increase your chances of interviewing at Pleo. You’ll also be notified about new Senior Application Engineer roles in Lisboa, Lisbon, Portugal.