Apply now »

Application Security Engineer

Production Security

Our Mission

Our goal is for everyone to make bolder choices with their finances.

To get there, we're creating an all-in-one ecosystem of financial services for today's generation of goal-getters. That feat takes extraordinary people-those with the guts to challenge the way things are and transform them into something better.

To be part of Team Maya is to be Bolder for Better.
Description: 

CORE PROFILE:

The DevSecOps Specialist plays a key role in embedding security across the software development lifecycle. With a deep understanding of application security and secure development practices, this role focuses on automating and scaling security across CI/CD pipelines, helping engineering teams build secure software without sacrificing speed. Working closely with product, tech and operations teams, the DevSecOps Specialist simplifies security adoption. Automating compliance, reducing risks and making security a seamless part of the DevOps process. The goal is to protect applications while keeping development fast and efficient.

 

NATURE OF WORK:

  • The DevSecOps Specialist ensures that security is a fundamental part of Maya’s development lifecycle, working at the intersection of security, engineering and operations. Responsibilities:
  • Own the integration and continuous improvement of AppSec tools (SAST, SCA, DAST) in CI/CD workflows.
  • Lead security reviews for high-impact features and services.
  • Design and maintain security-as-code pipelines and controls at the application layer.
  • Conduct deep-dive threat modeling for product features, APIs and services.
  • Drive adoption of secure coding practices and provide security guidance to engineers during design and implementation.
  • Automate detection and remediation of application-level vulnerabilities.
  • Support the Office of the CISO in executing security strategies and initiatives.

 

DISPLAYED SKILL MASTERY

  • 3–5 years in AppSec, DevSecOps, or related SDLC security engineering roles.
  • Strong experience with CI/CD integration for SAST, SCA, and DAST tools.
  • Familiarity in Python, JavaScript or similar for automation of security checks.
  • Knowledge of modern web app and API security risks (e.g. OWASP Top 10).
  • Familiarity with secure coding patterns and anti-patterns.
  • Understanding of OAuth, tokenization, and application-level authz/authn controls.
  • Experience conducting or supporting threat modeling sessions with product teams.

 

REQUIRED QUALIFICATIONS

  • Bachelor Degree in Information Technology, Computer Science, or equivalent
  • 3+ years of practical experience in DevSecOps, Security Automation, or Application Security.
  • Hands-on experience with CI/CD pipelines, security tooling and DevOps practices.
  • Strong programming/scripting skills (Python, Java, Bash) for security automation.
  • Experience with cloud security and compliance frameworks (AWS, PCI DSS, ISO 27001).
  • Understanding of container security, Kubernetes, and microservices security.
  • Familiarity with code review practices, threat modeling, and product-level risk analysis.
  • Solid knowledge of secure software development principles.
  • Familiarity with OAUTH protocols for secure authentication and authorization.

About Us

Maya is the all-in-one money platform that is bringing Filipinos bolder ways to master their money. It is powered by a unique integrated financial services ecosystem that addresses the ever-evolving needs of today’s generation of money makers through cutting edge technology. 

We lead millions of Filipinos — consumers, businesses, communities, and government agencies alike — into a version of the current digital economy that’s more inclusive, transparent, and empowering than ever. 

We are powered by the country's only end-to-end digital payments company Maya Philippines, Inc. and Maya Bank, Inc. for digital banking services. 

Maya Bank, Inc. and Maya Philippines, Inc. are regulated by the Bangko Sentral ng Pilipinas. https://www.bsp.gov.ph/

Apply now »