We’re Melio, a TLV-based startup on a mission to keep small businesses in business. Our online payment solution enables small businesses in the US to pay their bills in more efficient ways that improve their finances and free them up to focus more on managing the business they love.

Backed by top-tier VCs, we have a unique approach to small business payments and aim to make B2B payments as simple and easy as peer-to-peer payment apps. We’re growing fast and looking for enthusiastic team players.


As an Application Security lead you will Work closely with our product and engineering teams to ensure a security-first mindset and implement an effective and secure SDLC.

How You’ll Make An Impact

  • Perform design reviews, threat modeling, and source code review and drive remediation of the discovered vulnerabilities  
  • Drive adoption of security best practices and embedded cloud security controls as part of the SDLC  
  • Have responsibility for our application security tools and systems (such as SAST, SCA, and DAST tools) to configure an efficient technology-specific scanning profile, perform rule fine tuning to reduce the rate of false-positives and provide remediation assistance to application engineers. 
  • Support security assessments (penetration testing) on externally and internally facing applications. 
  • Proactively perform hands-on security testing of applications and services to discover risk and track to resolution. 
  • Understand, balance, and communicate business risk with security risk. 
  • Accurately document system deficiencies, recommend solutions, and track remediation activities  
  • Mentor software engineers and strive to level up the overall security awareness 
  • Implement security automation and frameworks for code quality and testing 
  • Assist in the implementation of security-related product features like authentication, cryptography, etc. 

What We’d Love To See

  • 3+ years of experience as Application Security Expert in public cloud (preferably AWS) and SaaS environments 
  • A strong understanding of common attack vectors, vulnerabilities, and mitigations, and a thorough understanding of the OWASP and SANS frameworks. 
  • Demonstrated experience integrating security into dockerized product development, CI/CD pipelines and Infrastructure-as-code (e.g. Terraform)  
  • Solid understanding of application security vulnerabilities (e.g. OWASP top 10) and countermeasures to reduce related risks 
  • Proven experience using common application security testing tools 
  • Experience in discovering application layer vulnerabilities and explaining the associated risk to developers.  
  • Experience reviewing application code to identify security vulnerabilities 
  • Prior programming experience and understanding of commercial software development lifecycles (SDLC)  
  • Experience with one or more major programming languages (JavaScript, Python) 
  • Strong verbal, reading and writing in English 
  • Bachelor's degree in Computer Sciences, Engineering, Security Informatics- Advantage 
  • Understanding of Cryptographic algorithms, applications, and concepts- Advantage
  • Security certifications like CEH, OSCP- Advantage
  • Experience with dynamic and static security code analysis tools- Advantage
  • Experience with security best practices and solutions in AWS- Advantage


If you’re still nodding your head in agreement and this seems like a good fit, don’t hesitate to reach out—we’re looking for you!

Apply for this Job

* Required
(File types: pdf, doc, docx, txt, rtf)
When autocomplete results are available use up and down arrows to review
+ Add Another Education