We are seeking an Application Security Engineer to join a leading company in the AppSec industry and work on an exciting project. This is a well-paid remote role that offers an exceptional opportunity for growth and becoming an expert in application security.
Responsibilities:
- Perform different kinds of security assessments of customer applications. Including penetration testing, Threat Modeling and Secure Code Review.
- Analyze applications and generate vulnerability reports containing effective mitigation strategies.
- Analyze code security scan results, like SAST and DAST reports.
- Work together with customers to customize and tailor software security solutions to their environment.
- Collaborate with vendors in the community to identify and address flaws in software projects.
- Configure and enhance a DAST tool for multiple web application contexts.
- Work alongside the engineering team to share knowledge and insights on various aspects of application security.
- Help enable the secure development of new features for customer applications.
Your profile:
- At least 1 year of experience in application security or security research, demonstrating a strong understanding of application security attacks, vulnerabilities, and mitigation techniques.
- Strong knowledge in common Web Application security vulnerabilities (OWASP TOP10, SANS 25, etc.).
- Strong knowledge in common AI vulnerabilities (OWASP TOP 10 For LLM Applications and OWASP TOP 10 for Agentic Applications)
- At least 1 year of experience with Penetration Testing and Secure Code Reviews.
- Proficiency in 2-3 programming languages, such as Java, C#, Go, JS, Python, PHP, Ruby, etc.
- Language-agnostic approach to vulnerability identification in source code, capable of reading and identifying vulnerable parts in multiple programming languages.
- Knowledge of computer networks and cloud infrastructure.
- Excellent written and verbal communication skills in English.
- Customer-centric mindset.
Nice to Have:
While not mandatory, the following qualifications are desirable:
- BSc or BA in Cyber Security, Computer Science or a related field.
- Experience working with development teams.
- Previous experience with bug bounty research or published advisories/exploits for discovered 0day vulnerabilities in applications.
- Experience with Threat Modeling and Architecture Reviews of web applications.
- Knowledge of Secure Software Development Life-Cycle requirements.
What We Offer:
- Opportunity for Growth: We are committed to enabling your professional development, allowing you to grow and excel in your career.
- Expertise Development: We encourage individuals who are eager to challenge themselves and become experts in application security.
- Focus on Learning and Achievement: As part of a company dedicated to application security, you will have a unique environment where you can truly focus on learning, growth, and achieving your goals.
- Advancement Opportunities: We offer a genuine opportunity to advance in the field of Application Security. As you progress, you can aspire to become a Senior Engineer or even a Team Lead in our disruptive and forward-thinking company.
If you are interested in this role and meet most but not all of the requirements, we encourage you to apply.