EMCD is a technology company in the cryptocurrency space, known as the largest mining pool in Eastern Europe. We are actively expanding into the global market and building a comprehensive ecosystem of crypto services, including payment infrastructure, custodial solutions, mining products, and enterprise tools for businesses and institutional clients.

We are looking for an experienced Application Security Business Partner who will closely collaborate with several development teams and act as a key expert in application security. The role combines deep technical expertise with active engagement with teams, aiming to integrate security approaches across all stages of the product lifecycle — from design to operation.

Responsibilities

• Close collaboration with development teams to analyze business requirements and assess their impact on the security of applications and services.
• Threat modeling for applications and services, followed by the development and proposal of protection measures and security controls.
• Preparation of application security requirements and monitoring their compliance throughout the development process.
• Conducting security reviews of architecture, source code, and release artifacts, including security testing of applications and systems.
• Monitoring the vulnerability remediation process and close collaboration with engineers for timely closure of security risks.
• Interaction with the DevSecOps team on integrating scanners and security controls into CI/CD pipelines.
• Regular security testing and code reviews to enhance the overall security level of products and services.

Requirements

• Practical experience in application security or a related security engineer role.
• Deep understanding of common threats and vulnerabilities, including OWASP Top 10, OWASP Mobile Top 10, and CWE Top 25.
• Knowledge of application security standards and best practices, and the ability to apply OWASP ASVS, WSTG frameworks, and similar ones in practice.
• Understanding of infrastructure principles, containerization, and related security risks.
• Knowledge of microservice architecture and modern approaches to securing distributed systems.
• Development experience in Go, Python, or JavaScript will be a significant advantage.
• Comfortable working with a modern technology stack: Docker, Kubernetes, virtual machines, GitLab or GitHub CI/CD, Ansible, Terraform, ArgoCD, relational and in-memory databases, modern backend and frontend frameworks.

We Offer

• Remote-first format — the opportunity to work from anywhere in the world without being tied to a location.
• Flexible working hours with no fixed schedules.
• Paid vacation + 12 additional bonus days.
• Fully paid sick leave without unnecessary bureaucracy.
• Support for professional development with compensation for relevant courses, certifications, and training.
• Real influence and responsibility for significant tasks, as well as the opportunity to participate in building key infrastructure in the fintech and crypto domains.