Applications Security Engineer

Position in Kathmandu, Nepal

About City Express

City Express is among the fastest growing, most recognized fin-tech startups globally and is the market leader in developing distributed ledger technology applied to the market infrastructure and financial services sector. Backed by leading financial institutions, infrastructure providers and financial software providers, the company is delivering enterprise-grade solutions for post-trade services.

Digital Asset applies a rigorous customer-driven approach to deliver on our vision for a better global financial system, enabled by distributed ledger technology.


Applications Security Engineers partner with the Product and Engineering teams to improve the security of our software and products. They ensure the security of the DA platform and applications from design to implementation and operations, in our environment and those of our clients. By implementing secure coding and application security best practices across the SDLC, they facilitate the delivery of a unique DLT platform with world-class robustness and security properties.

What We Are Using:
  • Java and Scala for backend development, Haskell for DSL tools and formal methods
  • Agile/Scrum and modern software engineering practices (SBE / TDD / CI / CD etc.)
  • Cloud services, containers for rapid deployment
  • SonarQube, Veracode and other tools for code analysis

Key Responsibilities

  • Partner with the Engineering and Product teams to define identity management, PKI and HSM implementations, implement secure coding practices, design customer-facing application security features and ensure that security is an integral part of the design and implementation of the product roadmap.
  • Work closely with the platform architecture team and software engineering teams throughout the entire SDLC to ensure that security concerns (including confidentiality, integrity and availability) are taken into account during design, development, testing, implementation, and deployment.
    • Identify emerging vulnerabilities, risks and threats during design iterations and provide appropriate mitigation strategies
    • Perform vulnerability assessments, source code reviews and open source management
    • Assist engineering teams in feature design and threat modeling
    • Drive source code security black-box testing, penetration testing, distributed system integrity and build system hardening
    • Maintain, validate, and communicate the products’ threat model, security properties, and trust model
    • Help secure infrastructure and services by identifying and tracking outstanding risks
  • Educate software engineers on secure coding techniques and application security best practices.
  • Monitor developments within the application security industry to continually advance and mature our internal practices and processes.


This is a rare opportunity to help define an industry and join a powerful team of financial services and technology innovators from cross sector startups and enterprise.

Digital Asset is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, national origin, sex, religion, sexual orientation, age, disability, citizenship status, veteran status or any other basis protected by applicable law. Applicants with disabilities who require accommodation should contact

Apply Now