Senior Application Security Engineer

We’re BrainRocket — an international software development and digital solutions company driven by 1,300 talented professionals across Cyprus, Malta, and Portugal.

Here, everything moves at rocket speed: driving innovation, pioneering projects, and fast-tracking careers.

Together, we turn ideas into action — let’s get started!

We invite a Senior Application Security Engineer to join our team on-site.

This is a 100% office-based role – no remote or hybrid options – at one of our hubs:

• Belgrade (Serbia),
• Lisbon (Portugal),
• Sofia (Bulgaria),
• Warsaw (Poland),
• Yerevan (Armenia).

The final location will depend on business needs and the feasibility of relocation from your current spot.

We provide relocation support.

✅ Responsibilities:

✔️ Demonstrated ability to collaborate with other teams to achieve complex objectives.

✔️ Responsible for security architecture design from cloud infrastructure to application through the implementation of "secure by design" principles.

✔️ Collaborate with product managers, architects, and developers on the implementation of the security controls platform ecosystem and products.

✔️ Proof security implementations within infrastructure and application deployment manifests and the CI/CD pipelines.

✔️ Define required policies, controls, and capabilities for the protection of products and environments.

✔️ Build and validate declarative threat models automation.

✔️ Participate in engineering teams’ product planning cycles and committees.

✔️ Oversee the product security aspects for migration of products and services from Data Center to public cloud, e.g., AWS.

✔️ Serve as a trusted cyber security advisor to product and application teams.

✅ Requirements:

✔️ Minimum of 3 years experience as an Application Security Engineer.

✔️ Experience integrating security scanning/tooling into development pipeline.

✔️ Experience in analyzing and securing microservices and applications developed using Javascript and Typescript.

✔️ Experience with CI/CD pipelines (such as Gitlab, Jenkins) and infrastructure-as-a-code models (such as Terraform, Helm, or CloudFormation).

✔️ Hands-on development experience in Python/shell scripting.

✔️ Strong understanding of supply chain security, software integrity, and secure software delivery.

✔️ Experience with docker and mesh technologies (such as ISTIO).

✔️ Experience with architecture and security reviews, threat modeling and applications risk highly desired.

✔️ Experience working with Agile methodologies.

✔️ Knowledge of privacy laws and regulations, such as GDPR desired.

✔️ Familiarity with industry regulations, frameworks, and practices. For example, PCI, ISO 27001, NIST, etc.

✅ PREFERRED QUALIFICATIONS:

✔️ In-depth experience with architecting secure services on Kubernetes.

✔️ Extensive experience with architecting secure services on AWS or on-prem data centers.

✔️ Security-related professional certifications e.g., CISSP, CISM, CCSK, CCSP, CEH is highly desirable.

✅ We offer excellent benefits, including but not limited to:

🧑🏻 💻 Learning and development opportunities and interesting, challenging tasks.

📚 Opportunity to develop language skills, with partial compensation for the cost of English classes.

🏝 Time for proper rest, with 20 working days of annual vacation.

📈 Competitive remuneration level with annual review.

🤝 Teambuilding activities.

Bold moves start here. Make yours. Apply today!