Secure Code Engineer (Client-site)

At Umpisa Inc., our mission is to make the Philippines be known globally as a tech hub.

Umpisa Inc. is a progressive technology services company that partners with select industries, clients and people to work on pioneering and industry-changing solutions via digital transformation, modern software development and venture building.

We create a set of world-class and impactful products and solutions to help organizations and individuals live better lives. We offer demanding, challenging and rewarding careers in software development, product development, emerging technologies, and more for the right candidates.

Essential Skills:

• Aligns with our values: Excellence, Integrity, Professionalism, People Success, Customer Success, Fun, Innovation and Diversity
• Strong communication skills
• Strong problem solving and analytical skills
• Excellent problem-solving ability
• Would like to work as part of a self-organizing Scrum team in a scaled agile framework
• Must be a self-starter and loves to collaborate with the team and client

About the Role

We are seeking a detail-oriented and technically proficient Secure Code Engineer to help ensure our financial applications are developed and deployed securely. This role is ideal for someone with a strong programming background and a passion for ** software security , particularly within banking or fintech ** environments.

You will play a key role in identifying vulnerabilities, promoting secure coding practices, and collaborating with engineering teams to proactively secure our platforms.

Key Responsibilities

• Analyze source code to identify and remediate security vulnerabilities during development.
• Collaborate with engineering teams to integrate security into the software development lifecycle (SDLC).
• Promote and enforce secure coding practices across development teams.
• Perform static application security testing (SAST) and ** threat modeling **.
• Maintain up-to-date knowledge of common vulnerabilities, security trends, and OWASP Top 10 threats.
• Provide clear technical guidance and secure design recommendations to developers.
• Assist in establishing and maintaining secure coding standards, best practices, and documentation.
• Support compliance with security frameworks and industry standards (e.g., PCI-DSS, ISO 27001).

Requirements

Minimum Qualifications

• Minimum 3 years of experience in application security, secure software development, or related roles.
• Solid background in **software engineering and programming , with experience in languages such as Java, JavaScript, .NET, Python, or Node.js **.
• Hands-on experience identifying and mitigating vulnerabilities using the **OWASP framework **.
• Familiarity with SAST tools such as **SonarQube, Fortify, Checkmarx , or Veracode **.
• Strong understanding of **web application security , API security **, and secure data handling practices.
• Experience in or exposure to the **banking or fintech industry **.
• Must have Banking/Fintech experience

Nice to Have

• Experience in **cloud security **(AWS/GCP/Azure) and container security (Docker/Kubernetes).
• Familiarity with DevSecOps and CI/CD integration.
• Certifications such as **CSSLP , OSCP , CEH , or CISSP **.
• Exposure to **mobile application security **(Android/iOS).
• Understanding of regulatory standards and frameworks (e.g., PSD2, GDPR, MAS-TRM).