Security Expert Advisor

A proactive and skilled application security engineer is required to join our growing team. This role demands a hands-on approach to secure software development and cloud-native defense.

This engineer will partner closely with engineering squads, work alongside the Cloud Security and GRC team members, and improve the security posture of our applications and platforms. Key responsibilities include:

• Collaborate with development teams to identify vulnerabilities and provide actionable remediation guidance.
• Conduct threat modeling sessions (e.g., STRIDE, PASTA) for critical systems and APIs.
• Design, implement, and oversee automated processes for securely updating application and code dependencies.
• Integrate security checks into CI/CD pipelines using tools like Semgrep, Snyk, Trivy, and Burp Suite.
• Contribute to runtime security initiatives, such as container/Kubernetes hardening, RASP, and eBPF-based detection.
• Develop and maintain a security issues dashboard to track remediation status and metrics.
• Provide real-time support during cybersecurity incidents impacting applications or cloud infrastructure.
• Partner with the Cloud Security team on security automation tasks and monitoring improvements.
• Stay up-to-date with new threats, vulnerabilities, and attack techniques relevant to our architecture.
• Collaborate with the GRC team to develop internal security awareness initiatives, phishing campaigns, and developer training.

• Fluent English, including strong verbal and written skills.
• Strong problem-solving and analytical mindset.
• Excellent communication skills to convey security risks to technical and non-technical stakeholders.
• 3–5+ years of experience in application security, penetration testing roles, and/or secure code development.
• Hands-on experience with SAST, DAST, and SCA tools.
• Deep understanding of web, mobile, and API vulnerabilities.
• Proven expertise in performing code reviews and writing clear reports.
• Proficiency in at least one backend language and understanding of front-end technologies.
• Familiarity with secure architecture of microservices and REST APIs.
• Experience securing CI/CD pipelines and integrating AppSec tooling into SDLC.
• Solid knowledge of containerization and Kubernetes security fundamentals.
• Understanding of cloud security principles.

This is an exciting opportunity to take your career to the next level and contribute to the growth of our organization.