We are At Cross River, we're building the financial infrastructure that powers global innovation. With our cutting-edge suite of embedded payments, cards, and lending solutions, we enable millions of businesses and consumers to transact seamlessly and securely. With 900+ employees worldwide and an R&D center of over 160 employees in Jerusalem - we’re reshaping how financial technology is developed and delivered.
The Role:
We’re seeking a Senior Application Security Engineer who is first and foremost a teacher, advisor, and enabler for our development teams. Rather than owning security alone, you’ll embed secure-by-design thinking across engineering by mentoring developers, guiding architecture decisions, and making secure development intuitive and frictionless. You’ll serve as the go-to partner for developers and engineering leaders, offering clear direction, practical solutions, and hands-on mentorship that strengthens our secure SDLC.
Who You Are:
* A proactive self-starter with deep expertise in application and cloud security
* Passionate about secure development and enabling engineers through thoughtful guardrails
* Clear and confident communicator who can influence across technical and non-technical teams
* Curious about emerging threats and excited by the challenges of blockchain security
* Committed to excellence, with a strong sense of ownership and a drive to build secure systems that scale
What You’ll Actually Be Doing:
* Mentor, coach, and educate developers on secure coding through workshops, training sessions, pair reviews, and ongoing guidance
* Lead and scale a Security Champions program embedded within engineering teams
* Facilitate threat modeling sessions and design reviews, partnering with teams early in the process to improve security outcomes
* Collaborate with engineering leadership to ensure secure architecture patterns, API security practices, and design principles are built in from day one
* Integrate and tune developer-friendly AppSec guardrails into CI/CD pipelines (SAST, SCA, IaC, secret scanning) while minimizing noise for developers
* Translate vulnerabilities into clear, actionable remediation guidance that developers can easily implement
* Support security awareness across engineering by building engaging internal content, best-practice playbooks, and reusable patterns
* Partner with compliance teams to produce documentation and SDLC evidence supporting FFIEC, PCI DSS, and SOC 2 requirements
* Stay current on emerging threats, developer tooling, and secure engineering patterns — sharing insights regularly with the team
Why You’ll Love Working Here:
* Flexible hybrid model: 3 days a week in the office
* ₪1,000 net monthly wellness benefit – from therapy to Pilates to your kid’s art class
* Full Keren Hishtalmut, private health & dental insurance
* Donation matching, volunteering days, team outings, and mentorship programs
* A mission-driven culture that values ownership, trust, and meaningful impact
Next Step:
Hit Apply!
Requirements: What You Bring to the Table
* Native level fluency in English and Hebrew (written and verbal) - Must
* 7+ years in software security engineering, including 4-5 years in AppSec of secure development enablement roles
* Strong coding ability in one or more modern languages (JavaScript/TypeScript, Python, Go, Java, C#)
* Proven experience teaching, mentoring, or enabling developers through training, code reviews, threat modeling, internal talks, or champion programs
* Deep understanding of secure coding principles, common vulnerability classes, API security, and secure design techniques
* Hands-on Experience with AppSec tooling (SAST, SCA, IaC scanners, secret scanning) and integrating them into the developer workflows
* Experience with cloud native architectures and security in AWS or Azure
* Familiarity with compliance and security frameworks (PC
This position is open to all candidates.