We are At Cross River, we're building the financial infrastructure that powers global innovation. With our cutting-edge suite of embedded payments, cards, and lending solutions, we enable millions of businesses and consumers to transact seamlessly and securely. With 900+ employees worldwide and an R&D center of over 160 employees in Jerusalem - we’re reshaping how financial technology is developed and delivered.
The Role:
We’re seeking a Senior Application Security Engineer to be the go-to security expert for our software and blockchain engineering teams. In this high-impact role, you’ll embed security across the entire SDLC - from CI/CD pipelines to smart contracts—helping us build secure-by-design systems that power the future of fintech and digital assets. You’ll lead threat modeling, drive secure development practices, and automate guardrails that make security effortless for developers. As part of a collaborative security team, you’ll influence architecture, compliance, and innovation while protecting millions of users and billions in assets.
Who You Are:
* A proactive self-starter with deep expertise in application and cloud security
* Passionate about secure development and enabling engineers through thoughtful guardrails
* Clear and confident communicator who can influence across technical and non-technical teams
* Curious about emerging threats and excited by the challenges of blockchain security
* Committed to excellence, with a strong sense of ownership and a drive to build secure systems that scale
What You’ll Actually Be Doing:
* Integrate security tools (SAST, DAST, SCA, secret scanning) into CI/CD pipelines using GitHub Actions, Jenkins, and related DevOps tooling
* Lead threat modeling and secure architecture reviews for new features, APIs, and blockchain systems
* Conduct smart contract security reviews and advise on cryptographic and wallet security patterns
* Coordinate penetration tests, manage bug bounty reports, and track remediation through development teams
* Build reusable security components, libraries, and developer-friendly guardrails
* Deliver internal training, build a security champion network, and drive adoption of AppSec best practices
* Produce security metrics, documentation, and audit evidence to support FFIEC, PCI DSS, SOC 2 compliance
* Stay current on evolving threats in blockchain, DeFi, GenAI, and supply-chain ecosystems
Why You’ll Love Working Here:
* Flexible hybrid model: 3 days a week in the office – A must
* ₪1,000 net monthly wellness benefit – from therapy to Pilates to your kid’s art class
* Full Keren Hishtalmut, private health & dental insurance
* Donation matching, volunteering days, team outings, and mentorship programs
* A mission-driven culture that values ownership, trust, and meaningful impact
Next Step:
Hit Apply. Bring your AppSec mastery abilities. We’ll bring the challenge – and the snacks.
Requirements: What You Bring to the Table
* Native-level fluency in both English and Hebrew (written and verbal) - Must
* 7+ years in software or security engineering, including 5+ in application security roles
* Strong coding skills in a modern language (e.g., JavaScript/TypeScript, Python, Go, Java, C#)
* Deep experience securing cloud-native applications and APIs in AWS, Azure, or similar environments
* Hands-on experience with blockchain platforms - smart contract audits, key management, or custody
* Familiarity with modern DevSecOps pipelines and AppSec tooling (SAST, SCA, IaC scanners)
* Working knowledge of PCI DSS, NIST, OWASP ASVS, and other security frameworks
* Excellent problem-solving and communication skills, with the ability to influence engineers and leadership
This position is open to all candidates.