This is a fully remote position, open to applicants in Bulgaria.

• Conduct threat modeling, security architecture evaluations, and design assessments for web applications and APIs.

• Execute both manual and automated security testing during development and prior to release phases.

• Create and establish security pipelines (including SAST and DAST) and incorporate them into the SDLC framework.

• Develop and oversee SBOM generation and utilization processes throughout the SDLC.

• Work collaboratively with development teams to ensure prompt resolution of identified vulnerabilities.

• Provide security guidance that aligns with OWASP best practices and offer training sessions for development teams.

• Keep abreast of emerging application security threats, tools, and trends within the industry.

• 3–5 years of experience in application security, particularly in web applications and API security.

• Proficiency in at least one scripting or programming language (e.g., Python, JavaScript, C#, or Go).

• Familiarity with tools such as OWASP ZAP, Burp Suite, Snyk, or similar applications.

• Understanding of secure coding practices, DevSecOps, and container security principles.

• Strong grasp of CVE, CVSS, and vulnerability disclosure processes.

• Excellent proficiency in business English.

• Preferred Qualifications:

• Awareness of SBOM standards (CycloneDX, SPDX) and experience with integrating SBOM tools into CI/CD pipelines.

• Familiarity with software composition analysis (SCA) tools.

• Competitive salary and performance-based bonuses.

• Comprehensive health, dental, and vision insurance.

• Opportunities for continuous learning and professional development.

• Flexible working hours and remote work options.

• Collaborative and innovative work environment.

Application Security Engineer

People also viewed