Senior Cloud Defender

A skilled Senior Application Security Engineer is required to join a growing Security team. This role demands proactive software development and cloud-native defense strategies.

• Validate vulnerabilities and provide actionable remediation guidance with development squads.
• Drive threat modeling sessions (e.g., STRIDE, PASTA) for critical systems and APIs.
• Implement automated processes for securely updating application dependencies and code proactively mitigating issues.
• Integrate security checks into CI/CD pipelines (SAST, DAST, SCA, IaC), working with tools like Semgrep, Snyk, Trivy, and Burp Suite.
• Contribute to runtime security initiatives, such as container/Kubernetes hardening, RASP, and eBPF-based detection.
• Maintain a security dashboard to track remediation status and metrics.
• Provide real-time support in the event of cybersecurity incidents impacting applications or cloud infrastructure.
• Partner with the Cloud Security team on automation tasks and monitoring improvements.
• Conduct research on new threats, vulnerabilities, and attack techniques relevant to the architecture.
• Collaborate on internal security awareness initiatives, phishing campaigns, and developer training.

• Fluent English, including strong verbal and written skills.
• Strong problem-solving and analytical mindset.
• Excellent communication skills to convey security risks.
• 3–5+ years of experience in application security, penetration testing roles, and/or secure code development.
• Hands-on experience with SAST, DAST, and SCA tools.
• Deep understanding of web, mobile, and API vulnerabilities.
• Proven expertise in performing code review and writing clear reports.
• Proficiency in at least one backend language and understanding of React front-ends.
• Familiarity with secure microservices architecture and REST APIs using OAuth2/OpenID Connect.
• Experience securing CI/CD pipelines and integrating AppSec tooling.
• Solid knowledge of containerization and Kubernetes security fundamentals.
• Understanding of cloud security principles.