AppSec Jobs
← Back to all jobs

Backbase

Principal Application Security Engineer - AI

Hyderabad, Telangana, IndiaWebsite

Full details on LinkedIn

The complete job description, requirements, and application details are available on the original posting.

About Backbase

Backbase is a private fintech company founded in 2003 in Amsterdam, Netherlands. It specializes in an AI-powered Engagement Banking Platform designed to help financial institutions modernize their legacy systems and enhance customer journeys. The company serves over 150 financial institutions worldwide, impacting the banking experience of more than 50 million customers. With around 2,000 employees and 4,000 certified experts, Backbase operates from 16 offices across five continents, emphasizing rapid innovation with a significant portion of its team dedicated to research and development. The Engagement Banking Platform integrates data, journeys, and operations to replace outdated IT systems. Key features include the Intelligence Fabric for real-time insights, Agentic AI for automating banking tasks, and a Digital Banking Fabric for personalized web and mobile interfaces. Backbase's omnichannel architecture supports various banking sectors, enabling quick feature launches and reducing digital customer acquisition costs. The platform is tailored for banks and financial institutions looking to modernize without replacing core systems, facilitating digital transformations across customer servicing, sales, onboarding, and operations.

Industry

financial services

Employees

2,000

1108 engineers

Revenue

$346M

Website

Visit →

Security at Backbase

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

  • Backbase's AppSec philosophy focuses on keeping millions of users and their banking data safe while guiding and supporting developer teams rather than acting as a gatekeeper.
  • Their risk philosophy acknowledges that prevention alone is insufficient, advocating for a defensible architecture that assumes compromise.
  • They prioritize reducing 'noise' in security tooling, as evidenced by their decision to drop early SAST tools that produced excessive false positives.

Security Team

  • The AppSec team works closely with customer-facing development and operations teams. The key public-facing leader is Brian Vlootman, CISO at Backbase.
  • As of January 2026, there are at least two active AppSec job postings (Senior Application Security Engineer and Principal AI Application Security Engineer).
  • Common skill patterns include implementing security tools in the SDLC, threat modeling, and understanding DevOps and cloud-native technologies.

Key Initiatives

  • Backbase practices 'Shift Left' by implementing SAST, SCA, IAST, and RASP tools directly into the SDLC.
  • Their vulnerability management includes dynamic testing and penetration tests before release.
  • They utilize OWASP-based security requirements (ASVS/M-ASVS and SKF) and conduct regular threat modeling.
  • A recent initiative involves the use of Application Detection and Response (ADR) to block exploits in real time.

Preparing for an AppSec interview?

Get the weekly briefing 2,000+ security pros trust.