About Alaan

Alaan is the Middle East’s first AI-powered spend management platform, built to help businesses save time and money.
Our all-in-one solution combines smart corporate cards, real-time expense tracking, AI-powered automation, seamless accounting integrations, and deep financial insights- designed to simplify finance operations and maximize control over company spend.

Founded in 2022, Alaan is already the trusted partner of over 2000 leading businesses across the UAE and KSA, including G42, Careem, McDonald’s, Tabby, Al Barari, Rove Hotels, Rivoli, and CarSwitch. Together, our customers have saved over AED 100 million with Alaan.

In just three years, Alaan has become the #1 expense management platform in the Middle East- and we’ve done it while becoming profitable.

Backed by Y Combinator and top global investors- including founders and executives of leading startups- Alaan is built by a world-class team from McKinsey, BCG, Goldman Sachs, Barclays, Zomato, Careem, Rippling, and other high-growth companies.

We’re not just building software. We’re reimagining how finance works for modern businesses across the region.

About the role

We are looking for an Application or Product Security Engineer with ~3–5 years of hands-on experience in securing web and mobile applications, APIs and cloud infrastructure. 

In this role, you will take ownership of securing our Applications, APIs and cloud resources, working closely with Development teams to continuously harden our applications and infrastructure in alignment with industry leading standards.

What you'll do

• Secure Web & Mobile applications, APIs by performing application security reviews/testing, identifying vulnerabilities, and working with engineering teams on remediation.
• Support security of AWS and GCP environments, including access reviews, network security, storage security, logging, and encryption best practices. 
• Review cloud and infrastructure configurations to identify misconfigurations
• Support investigations during incidents triaging by reviewing security logs and alerts
• Contribute to security guidelines, standards, and continuous improvement of the security posture.

What we are looking for

• 3–5 years of experience in Application Security or Product Security roles. 
• Practical experience securing web applications and APIs, with a solid understanding of OWASP Top 10 and common attack vectors. 
• Experience in threat modeling & secure code reviews.
• Good understanding of authentication & authorization flows.
• Understanding of secrets management and prevention of credential leaks.
• Working knowledge of IAM, networking, logging, and storage security. 
• Experience using security scanning tools (SAST, SCA, DAST, IaC scanning) and validating findings.
• Ability to collaborate effectively with engineering teams and communicate security risks clearly.

Bonus

• Experience of AWS or GCP security.
• Experience working in Financial, Banking, NBFC, FinTech or regulated environments.
• Basic understanding of logs and usage of SIEM tools for alert triage and investigation.
• Familiarity with compliance frameworks such as ISO 27001, SOC 2, or PCI DSS.

What's in it for you

• Contribute to building the Middle East’s most beloved fintech brand from the ground up
• Benefit from a role with significant ownership and accountability
• Thrive in a flexible hybrid culture with ample work-life balance
• Participate in exciting offsite events
• Competitive salary and equity
• Enjoy additional perks like travel allowances, gym memberships, and more