Information Security Engineer

@ Revolut

About Revolut

People deserve more from their money. Since 2015, Revolut has been on a mission to deliver more visibility, control, and freedom for its 65+ million customers through innovative financial products.

About The Role

The Information Security Engineer role at Revolut focuses on ensuring applications and infrastructure are safe from threats and vulnerabilities. You will design and build secure apps, conduct testing and monitoring, and work closely with various teams.

What You'll Be Doing

• Perform security assessments on product designs, mobile apps, web applications, and APIs.
• Participate in Red Team missions and threat-led testing scenarios.
• Lead and conduct penetration testing using both manual techniques and automated tools.
• Manage and evolve the private bug bounty programme.
• Collaborate with engineering teams to embed security into the software development lifecycle.
• Develop and enforce internal AppSec standards and policies aligned with OWASP and NIST benchmarks.
• Continuously research emerging threats and security tools.
• Mentor junior team members and contribute to internal training sessions.

What You'll Need

• 3+ years of hands-on experience in application security or penetration testing.
• Strong understanding of web, mobile, and API vulnerabilities (e.g., OWASP Top 10).
• Experience in code reviews, design reviews, and threat modelling.
• Familiarity with DevSecOps and security tooling in CI/CD pipelines.
• Proficiency with security tools such as Burp Suite, MobSF, and Frida.
• Basic understanding of cloud security principles with GCP or AWS experience.
• Excellent communication and collaborative skills.

Nice to Have

Experience in Red Team exercises, managing bug bounty programmes, or contributing to open-source security tools is a plus.

Key skills/competency

• Application Security
• Penetration Testing
• Red Team
• Threat Modelling
• DevSecOps
• Cloud Security
• Code Reviews
• Security Assessments
• Bug Bounty
• OWASP