Application Security Engineer

This is a fully remote position, open to applicants in Serbia.

📋 Description

• Execute threat modeling, security architecture assessments, and design evaluations for web applications and APIs.

• Perform both manual and automated security testing during the development and pre-release phases.

• Create and implement security pipelines (including SAST and DAST) and incorporate them into the SDLC framework.

• Establish and oversee SBOM generation and consumption procedures throughout the SDLC.

• Work in partnership with development teams to ensure prompt resolution of identified vulnerabilities.

• Uphold security guidelines that align with OWASP best practices and deliver training for development teams.

• Remain informed about the latest application security threats, tools, and industry advancements.

⛳️ Requirements

• 3–5 years of experience in application security, particularly in web applications and API security.

• Proficient in at least one scripting or programming language (e.g., Python, JavaScript, C#, or Go).

• Familiarity with tools such as OWASP ZAP, Burp Suite, Snyk, or similar software.

• Understanding of secure coding practices, DevSecOps, and container security principles.

• Strong grasp of CVE, CVSS, and vulnerability disclosure processes.

• Excellent proficiency in business English.

• Preferred Qualifications:

• Knowledge of SBOM standards (CycloneDX, SPDX) and experience in integrating SBOM tools into CI/CD pipelines.

• Familiarity with software composition analysis (SCA) tools.

🏝️ Benefits

• 💻 Choice of work equipment (e.g., laptop, monitor, etc.)

• 🇬🇧 English classes (iTalki – $130 monthly)

• ⏰ Flexible schedule (we typically work between 09:00/10:00 and 18:00/19:00 CET or EET)

• 👶 Newborn bonus (€500 per child)

• 🧠 Patent remuneration

• 🌴 Paid leave

• 🧑‍💻 Remote work in locations without our offices

• Hybrid work in locations with offices (2 days in-office, 3 days remote)