Join our security team as a Senior Application Security Engineer to advance and mature our application security program. You will establish secure development standards and embed security throughout the software development lifecycle. This role requires a strong background in AppSec and experience with various security tools and methodologies.
Key Highlights
Key Responsibilities
Technical Skills Required
Benefits & Perks
Nice to Have
Job Description
We are looking for a Senior Application Security Engineer to join our security team. You will play a key role in advancing and maturing our application security program by establishing secure development standards and embedding security throughout the entire software development lifecycle (SDLC). You will work closely with development, DevOps, and DevSecOps teams to ensure security is integrated from the outset, enabling the delivery of resilient and secure applications.
This position is fully-remote and requires to be permanently residing and authorized to work in Germany, France or United Kingdom.
Where You Will Make a Difference
- Playing with and setting up tools like SAST, DAST, IAST, and RASP
- Managing vulnerabilities (keeping stuff patched and secure)
- Checking open-source code for security issues (OSA / SCA)
- Doing and improving code security reviews
- Hardening API security (REST, GraphQL)
- Doing threat modeling (STRIDE, PASTA, etc.) for new features
- Launching and running the bug bounty program!
- Building a "Security Champions" program across the engineering teams
- Working with external teams on penetration tests
- Sharing your security knowledge with everyone
Looking to advance your Cyber Security career with relocation support? Explore Cyber Security Jobs with Relocation Packages that include comprehensive packages to help you move and settle in your new role.
Who You Are
- Min. 5 years in AppSec or a similar security role
- Hands-on with SAST/DAST/IAST/RASP tools—especially Snyk and/or Acunetix
- Real-world experience with vulnerability management and threat modeling. (STRIDE, PASTA)
- Experience launching or managing a bug bounty program
- Experience with pentesting or working closely with pentest teams
- Know your stuff when it comes to OWASP standards (ASVS, WSTG, etc.) and SSDLC principles
- Good at API security (REST, GraphQL)
- Can read and understand code in: PHP, JS, Go, C#, and C++ (especially Unity for desktop/mobile)
- Broad knowledge across application and infrastructure security
Discover our full range of relocation jobs with comprehensive support packages to help you relocate and settle in your new location.
Nice to Have
- Security certs like OSCP, GWEB, CSSLP
- Experience with Unity / game engine security
- Familiar with cloud security (AWS, AliCloud)
- Know how to put security checks into CI/CD pipelines (GitHub Actions)
- Experience building a Security Champions program
Similar Jobs
Explore other opportunities that match your interests
Application Security Engineer
evolveum
RIXT Recruitment
