Application Security Engineer

Accountabilities:

• Own and manage bug bounty intake processes, including triaging reports, validating vulnerabilities, and reproducing proof of concepts.


• Collaborate with developers and product teams to design and implement effective remediation strategies for identified security issues.


• Contribute directly to codebases by reviewing and submitting pull requests to fix security vulnerabilities.


• Support validation of external penetration testing results and integrate findings into development backlogs.


• Participate in threat modeling, secure architecture discussions, and security-focused code reviews.


• Enhance Secure Development Lifecycle (SDL) practices, including SAST/DAST integration and security automation within CI/CD pipelines.


• Perform lightweight penetration testing on new features and releases when required.


• Maintain clear and structured documentation of application security processes and best practices.


• Facilitate communication between security, engineering, and product teams to ensure timely resolution of vulnerabilities.

Requirements

• Previous experience as a software developer or application security engineer in modern web or backend environments.


• Hands-on experience in security testing through bug bounty programs, CTFs, or penetration testing activities.


• Strong understanding of common application security vulnerabilities (e.g., OWASP Top 10: SSRF, IDOR, XSS, etc.).


• Familiarity with security tools such as Burp Suite and SAST/DAST solutions (e.g., SonarQube, Snyk).


• Experience collaborating closely with engineering and product teams in Agile environments.


• Ability to analyze, reproduce, and resolve complex security issues with a “find and fix” mindset.


• Knowledge of secure coding practices for web and API-based applications.


• Exposure to CI/CD pipelines and DevOps tools is considered an advantage.


• Familiarity with infrastructure or security tools such as Terraform, Helm, or WAF solutions is a plus.


• Strong communication and problem-solving skills, with the ability to clearly explain technical security risks.

• Fully remote-first working model with flexibility and international collaboration.


• Opportunity to work in a diverse, multicultural environment with global teams.


• Strong focus on learning, growth, and professional development in cybersecurity.


• Access to learning budgets and remote work support benefits.


• Comprehensive health insurance coverage fully supported by the employer.


• Paid time off and additional remote-friendly perks to support work-life balance.


• Collaborative, feedback-driven culture that encourages innovation and ownership.


• Opportunity to contribute directly to product security at scale in a fast-growing tech environment.

Diese Anzeige stammt von ats_lever. Originalanzeige ansehen ↗