Required Application Security Engineer
The Role:
The ideal candidate will have a strong background in application security, coupled with expertise in product security, infrastructure management, and DevOps practices.
You should be comfortable wearing multiple hats and thrive in a fast-paced, collaborative environment.
Pioneer new approaches to application security, including leveraging AI for advanced automations and process optimizations.
If you're ready to push the boundaries of application security and contribute to a culture of uncompromising quality, we want you on our team.
Join us in our relentless pursuit of robust security and a continuously hardening application landscape.
What you will do:
Conduct internal penetration testing against our applications and APIs.
Design, build, and implement the Secure SDLC process, integrating security into all stages of the software development lifecycle.
Evaluate product design and architecture against security best practices, offering guidance on prioritization and remediation.
Build and automate security testing as part of our CICD pipeline and cloud environments based on automation workflows leveraging AI.
Develop and lead projects, implementing various security tools and technologies, such as: AI agents context-aware, SAST, SCA, vulnerability scanners, and Kubernetes (K8s) security tooling.
Mentor development teams through training and hackathons.
Support security incident response in a cross-functional environment.
The Role:
The ideal candidate will have a strong background in application security, coupled with expertise in product security, infrastructure management, and DevOps practices.
You should be comfortable wearing multiple hats and thrive in a fast-paced, collaborative environment.
Pioneer new approaches to application security, including leveraging AI for advanced automations and process optimizations.
If you're ready to push the boundaries of application security and contribute to a culture of uncompromising quality, we want you on our team.
Join us in our relentless pursuit of robust security and a continuously hardening application landscape.
What you will do:
Conduct internal penetration testing against our applications and APIs.
Design, build, and implement the Secure SDLC process, integrating security into all stages of the software development lifecycle.
Evaluate product design and architecture against security best practices, offering guidance on prioritization and remediation.
Build and automate security testing as part of our CICD pipeline and cloud environments based on automation workflows leveraging AI.
Develop and lead projects, implementing various security tools and technologies, such as: AI agents context-aware, SAST, SCA, vulnerability scanners, and Kubernetes (K8s) security tooling.
Mentor development teams through training and hackathons.
Support security incident response in a cross-functional environment.
Requirements:
3+ years of relevant experience
Experience with application security and hands-on penetration testing
Experience in application development with at least one modern programming language.
Experience performing code reviews
Expertise in security tools and processes, including SAST, DAST, SCA, vulnerability scanners, and Kubernetes security tooling.
Knowledge of DevOps and DevSecOps practices
Knowledge of web application architectures
Knowledge of threat modeling
Strong self-driven learning abilities, staying current with industry trends and technologies
What is Nice to Have:
Offensive Security Certifications such as OSCP, AWAE, OSCE
Relevant certifications and knowledge in cloud such as: AWS, Azure, CISSP, CCSK, Kubernetes (K8s).
Knowledge of security frameworks, regulations, and standards such as HITRUST, HIPAA, and SOC2.
Experience with CTFs and/or bug bounties.
3+ years of relevant experience
Experience with application security and hands-on penetration testing
Experience in application development with at least one modern programming language.
Experience performing code reviews
Expertise in security tools and processes, including SAST, DAST, SCA, vulnerability scanners, and Kubernetes security tooling.
Knowledge of DevOps and DevSecOps practices
Knowledge of web application architectures
Knowledge of threat modeling
Strong self-driven learning abilities, staying current with industry trends and technologies
What is Nice to Have:
Offensive Security Certifications such as OSCP, AWAE, OSCE
Relevant certifications and knowledge in cloud such as: AWS, Azure, CISSP, CCSK, Kubernetes (K8s).
Knowledge of security frameworks, regulations, and standards such as HITRUST, HIPAA, and SOC2.
Experience with CTFs and/or bug bounties.
This position is open to all candidates.
