Application Security Engineer

A seasoned professional is needed to fill the position of Application Security Engineer. The ideal candidate will have experience in application security, penetration testing roles, and/or secure code development, including work with QA teams.

The role requires direct engagement in application-layer matters and security reviews, while also contributing to cloud security automation, awareness initiatives, and secure engineering practices across the Software Development Life Cycle (SDLC).

• Collaborate with development squads to validate vulnerabilities and provide actionable remediation guidance aligned with business risk.
• Drive threat modeling sessions for critical systems and APIs.
• Design, implement, and oversee automated processes for securely updating application and code dependencies, proactively mitigating issues and ensuring timely vulnerability remediation.
• Integrate security checks into Continuous Integration/Continuous Deployment (CI/CD) pipelines, working with tools like Semgrep, Snyk, Trivy, and Burp Suite.
• Contribute to runtime security initiatives, such as container/Kubernetes hardening, Runtime Application Self-Protection (RASP), and eBPF-based detection.
• Build and maintain a security issues dashboard to track remediation status and metrics.
• Provide real-time support in the event of cybersecurity incidents impacting applications or cloud infrastructure.

• Fluent English, including strong verbal and written skills.
• Strong problem-solving and analytical mindset.
• Excellent communication skills to convey security risks to technical and non-technical stakeholders.
• At least 3 years of experience in application security, penetration testing roles, and/or secure code development, including work with QA teams.
• Hands-on experience with Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) tools.
• Deep understanding of web, mobile, and API vulnerabilities.
• Proven expertise in performing code review or security assessments and writing clear reports.
• Proficiency in at least one backend language and understanding of front-end technologies.
• Familiarity with secure architecture of microservices, event-driven systems, and REST APIs using OAuth2/OpenID Connect.
• Experience securing CI/CD pipelines and integrating AppSec tooling into SDLC.
• Solid knowledge of containerization and Kubernetes security fundamentals.
• Understanding of cloud security, preferably AWS, including IAM principles, cloud-native service configurations, and network segmentation.
• Comfortable with Agile development methodologies and working within cross-functional squads.

• Certifications such as OSCP, OSWE, GWAPT, CPTE, or CSSLP.
• Cloud security certifications from AWS, GCP, or Azure.
• Familiarity with bug bounty triage and vulnerability management platforms.
• Experience implementing RASP or eBPF runtime protection tools.
• Exposure to LLM/AI security considerations and secure code generation practices.

We are committed to providing a positive and inclusive work environment that fosters growth, diversity, and innovation.

As an equal employment opportunity employer, we welcome applicants from diverse backgrounds and encourage them to apply.