
Application Security Engineer
Posted 6 days ago

This is a fully remote position, open to applicants in Bulgaria.
• Execute threat modeling, security architecture assessments, and design evaluations for web applications and APIs.
• Perform both manual and automated security testing throughout development and prior to release.
• Create and establish security pipelines (incorporating SAST and DAST) and embed them within the SDLC framework.
• Develop and oversee SBOM generation and utilization processes across the SDLC.
• Partner with development teams to guarantee prompt resolution of detected vulnerabilities.
• Uphold security guidance in accordance with OWASP best practices and deliver training sessions for development teams.
• Remain informed about emerging application security threats, tools, and advancements in the industry.
• 3–5 years of experience in application security, particularly focusing on web applications and API security.
• Proficient in at least one scripting or programming language (e.g., Python, JavaScript, C#, or Go).
• Familiar with tools such as OWASP ZAP, Burp Suite, Snyk, or comparable alternatives.
• Knowledgeable about secure coding practices, DevSecOps, and container security principles.
• Strong grasp of CVE, CVSS, and vulnerability disclosure processes.
• Excellent proficiency in business English.
Preferred Qualifications:
• Familiarity with SBOM standards (CycloneDX, SPDX) and experience in integrating SBOM tools into CI/CD workflows.
• Understanding of software composition analysis (SCA) tools.
• 💻 Choice of work equipment (e.g., laptop, monitor, etc.)
• 🇬🇧 English classes (iTalki – $130 monthly)
• ⏰ Flexible schedule (we usually work between 09:00/10:00 and 18:00/19:00 CET or EET)
• 👶 Newborn bonus (€500 per child)
• 🧠 Patent remuneration
• 🌴 Paid leave
• 🧑‍💻 Remote work in locations without our offices
• Hybrid work in locations with offices (2 days in-office, 3 days remote)
Constructor Tech
Nethermind