This is a fully remote position, open to applicants in Turkey.

• Execute threat modeling, security architecture assessments, and design evaluations for web applications and APIs.

• Perform both manual and automated security testing throughout the development and pre-release phases.

• Develop and establish security pipelines (including SAST and DAST) and incorporate them into the software development lifecycle (SDLC).

• Facilitate and oversee the generation and utilization of Software Bill of Materials (SBOM) processes across the SDLC.

• Work collaboratively with development teams to ensure prompt resolution of detected vulnerabilities.

• Uphold security guidelines in accordance with OWASP best practices and provide training for development teams.

• Keep abreast of the latest trends in application security threats, tools, and industry advancements.

• 3–5 years of experience in application security, specifically focusing on web applications and API security.

• Proficient in at least one scripting or programming language (such as Python, JavaScript, C#, or Go).

• Familiarity with tools such as OWASP ZAP, Burp Suite, Snyk, or comparable alternatives.

• Understanding of secure coding practices, DevSecOps, and container security principles.

• Solid grasp of CVE, CVSS, and vulnerability disclosure processes.

• Exceptional command of business English.

• Preferred Qualifications:

• Awareness of SBOM standards (CycloneDX, SPDX) and experience with integrating SBOM tools into CI/CD pipelines.

• Familiarity with software composition analysis (SCA) tools.

• Competitive salary and performance-based bonuses.

• Comprehensive health, dental, and vision insurance.

• Flexible work hours and remote work options.

• Opportunities for professional development and continuous learning.

• Supportive work environment with a focus on teamwork and collaboration.

Application Security Engineer

People also viewed