Senior Security Application Engineer

Messy spend management is tricky business. And tedious processes are a lose-lose situation for all involved, not just finance. At Pleo, we're changing that. We build spend solutions that make managing money seamless, empowering, and surprisingly effective for finance teams and employees alike—with a vision to help all businesses ‘go beyond’.

The word ‘Pleo’ actually means ‘more than you’d expect’, and living by that mantra has been the secret to our success over the last 10 years.

Now, we’re at a pivotal moment in our journey; every move we make has a direct impact on our 40,000+ customers, our business, and our collective success. We need people who take pride in uncovering customer needs, who turn complex problems into simple solutions, challenge the way things are done (respectfully), and always aim high. With great ambitions driving us forward, we can’t say we’ve got this whole thing figured out. And frankly, that’s half the fun! What we can say is that we’re a driven, progressive, and, importantly, a kind bunch of 850+ people from over 100 nationalities, all committed to delivering the future of business spending, together.

Please note: we will not be reviewing applications until 3rd January 2026 while the team is taking a well deserved break for the end of year celebrations.

What you’ll be doing

As an Application Security Engineer, you will:

• Partner with engineering teams to design and review secure technical solutions.
• Dive deep into authentication, encryption, and partner integration security topics.
• Help triage and resolve issues identified through our bug bounty program.
• Guide developers on secure coding practices and help fix identified vulnerabilities.
• Support GRC and DevOps teams with automation and security controls in our CI/CD pipelines.
• Help plan, prioritise, and own the Application Security roadmap.
• Drive long-term security initiatives that balance automation, compliance, and access needs.

What you bring

You’ll thrive in this role if you have:

• Strong communication skills and a pragmatic approach to security.
• Experience working closely with developers and product teams.
• Proficiency in at least one server-side language – we mainly use Kotlin and TypeScript.
• Expertise in code review and dynamic testing to identify security flaws.
• A deep understanding of security libraries, controls, and common vulnerabilities.
• Subject matter expertise in at least one technical area of application security.
• A passion for learning and solving unfamiliar or complex problems creatively.
• The ability to approach problems with honesty, curiosity, and clarity.

Experience with the following is a bonus:

• Java or Kotlin proficiency, particularly with securing JVM-based applications.
• Knowledge of PCI DSS, GDPR, or PSD2 and how they apply to application security.
• Supporting compliance efforts such as audits, segmentation, or access controls.

Who you’ll be working with and reporting to

You’ll report to our Head of Security Engineering and work closely with teams in Engineering, DevOps, GRC, and Product. Our team of specialists is highly collaborative and dedicated to enabling secure growth at scale. You’ll also have the chance to work cross-functionally across Pleo to strengthen our security posture in line with company goals.

How you’ll develop in this role

In your first 6 months at Pleo, you’ll:

• Lead and refine our Application Security roadmap.
• Drive improvements in secure development practices across engineering teams.
• Shape and execute long-term security initiatives that support scalable product growth.

We’re committed to helping you develop your career, whether that means taking on bigger projects, mentoring others, or expanding your expertise into new areas.

Show me the benefits!

• Your own Pleo card (no more out-of-pocket spending!)
• Lunch is on us for your work days – enjoy catered meals or receive a lunch allowance based on your local office 🍜
• Comprehensive private healthcare – depending on your location, coverage options include Vitality, Alan or Médis
• We offer 25 days of holiday + your public holidays
• For our team, we offer both hybrid and fully remote working options
• Option to purchase 5 additional days of holiday through a salary sacrifice
• We use MyndUp to give our employees access to free mental health and well-being support with great success so far ❤️‍🩹
• Paid parental leave – we want to make sure that we're supportive of families and help you feel that you don't have to compromise your family due to work 👶

  Please note: We are unable to offer visa sponsorship for this role in any of the listed locations

About your application

• Please submit your application in English; it’s our company language so you’ll be speaking lots of it if you join 💕
• We treat all candidates equally: If you are interested please apply through our application system - any correspondence should come from there! Our lovely support team isn't able to pass on any calls/ emails our way - and this makes sure that the candidate experience is smooth and fair to everyone  😊
• We can only achieve our goals if our team reflects the diversity of the world around us - and that starts with you, hitting apply, even if you are worried you might not tick all the boxes. We embrace and encourage people from all backgrounds to apply - regardless of race/ethnicity, colour, religion, nationality, gender, sex, sexual orientation, age, marital status, disability, neurodiversity, socio-economic status, culture or beliefs.
• When you submit an application we process your personal data as a data processor. Find out more about how your data is used in the FAQs section at the bottom of our jobs page.