Application Security Engineer

This position is posted by Jobgether on behalf of a partner company. We are currently looking for a Application Security Engineer in Spain.
This role sits at the intersection of software engineering and cybersecurity, focusing on strengthening the security posture of modern web and API-based applications in a fast-moving, product-driven environment. You will work closely with engineering, product, and security teams to identify vulnerabilities, validate security findings, and drive remediation efforts directly into production systems. The position combines hands-on technical security work with collaborative development practices, including code review and secure design discussions. You will play a key role in improving the secure development lifecycle by integrating security tooling and automation into CI/CD pipelines. This is an opportunity to actively shape how security is embedded across engineering teams, while contributing directly to product resilience and user trust. The environment is highly collaborative, remote-first, and built for engineers who enjoy solving real-world security challenges at scale.

Accountabilities:

• Own and manage bug bounty intake processes, including triaging reports, validating vulnerabilities, and reproducing proof of concepts.


• Collaborate with developers and product teams to design and implement effective remediation strategies for identified security issues.


• Contribute directly to codebases by reviewing and submitting pull requests to fix security vulnerabilities.


• Support validation of external penetration testing results and integrate findings into development backlogs.


• Participate in threat modeling, secure architecture discussions, and security-focused code reviews.


• Enhance Secure Development Lifecycle (SDL) practices, including SAST/DAST integration and security automation within CI/CD pipelines.


• Perform lightweight penetration testing on new features and releases when required.


• Maintain clear and structured documentation of application security processes and best practices.


• Facilitate communication between security, engineering, and product teams to ensure timely resolution of vulnerabilities.

Requirements

• Previous experience as a software developer or application security engineer in modern web or backend environments.


• Hands-on experience in security testing through bug bounty programs, CTFs, or penetration testing activities.


• Strong understanding of common application security vulnerabilities (e.g., OWASP Top 10: SSRF, IDOR, XSS, etc.).


• Familiarity with security tools such as Burp Suite and SAST/DAST solutions (e.g., SonarQube, Snyk).


• Experience collaborating closely with engineering and product teams in Agile environments.


• Ability to analyze, reproduce, and resolve complex security issues with a “find and fix” mindset.


• Knowledge of secure coding practices for web and API-based applications.


• Exposure to CI/CD pipelines and DevOps tools is considered an advantage.


• Familiarity with infrastructure or security tools such as Terraform, Helm, or WAF solutions is a plus.


• Strong communication and problem-solving skills, with the ability to clearly explain technical security risks.

• Fully remote-first working model with flexibility and international collaboration.


• Opportunity to work in a diverse, multicultural environment with global teams.


• Strong focus on learning, growth, and professional development in cybersecurity.


• Access to learning budgets and remote work support benefits.


• Comprehensive health insurance coverage fully supported by the employer.


• Paid time off and additional remote-friendly perks to support work-life balance.


• Collaborative, feedback-driven culture that encourages innovation and ownership.


• Opportunity to contribute directly to product security at scale in a fast-growing tech environment.

Este anuncio proviene de ats_lever. Ver anuncio original ↗