
Application Security Engineer
Posted May 30

This is a fully remote position, open to applicants in Serbia.
• Execute threat modeling, review security architecture, and analyze designs for web applications and APIs.
• Carry out both manual and automated security testing throughout the development and pre-release phases.
• Create and implement security pipelines (including SAST and DAST) and seamlessly integrate them into the SDLC process.
• Establish and oversee SBOM generation and consumption processes throughout the SDLC.
• Work in collaboration with development teams to ensure prompt resolution of identified vulnerabilities.
• Uphold security guidelines consistent with OWASP best practices and deliver training sessions for development teams.
• Keep abreast of the latest trends in application security threats, tools, and industry advancements.
• 3–5 years of experience in application security, specifically focusing on web applications and API security.
• Proficient in at least one scripting or programming language (e.g., Python, JavaScript, C#, or Go).
• Familiarity with tools such as OWASP ZAP, Burp Suite, Snyk, or equivalent.
• Understanding of secure coding practices, DevSecOps, and container security principles.
• Strong knowledge of CVE, CVSS, and the workflows for vulnerability disclosure.
• Exceptional command of business English.
Preferred Qualifications:
• Awareness of SBOM standards (CycloneDX, SPDX) and experience in integrating SBOM tools into CI/CD pipelines.
• Familiarity with software composition analysis (SCA) tools.
• Comprehensive health and wellness benefits.
• Opportunities for professional development and continuous learning.
• Flexible working hours and remote work options.
• Collaborative and innovative work environment.
Constructor Tech
Nethermind
Arrow Components