This is a fully remote position, open to applicants in Turkey.

• Execute threat modeling, perform security architecture evaluations, and conduct design analyses for web applications and APIs.

• Carry out both manual and automated security assessments during the development and pre-release phases.

• Create and implement security pipelines (incorporating SAST and DAST) and ensure their integration within the SDLC process.

• Establish and oversee SBOM generation and consumption workflows throughout the SDLC.

• Work collaboratively with development teams to ensure prompt resolution of detected vulnerabilities.

• Uphold security guidelines consistent with OWASP best practices and offer training for development teams.

• Remain updated on emerging application security threats, tools, and industry advancements.

• 3–5 years of experience in application security, specifically focusing on web applications and API security.

• Proficient knowledge of at least one scripting or programming language (such as Python, JavaScript, C#, or Go).

• Experience with tools like OWASP ZAP, Burp Suite, Snyk, or similar applications.

• Familiarity with secure coding practices, DevSecOps methodologies, and container security principles.

• Strong grasp of CVE, CVSS, and vulnerability disclosure processes.

• Excellent command of business English.

• Understanding of SBOM standards (CycloneDX, SPDX) and experience in integrating SBOM tools into CI/CD pipelines.

• Knowledge of software composition analysis (SCA) tools.

• 💻 Choice of work equipment (e.g., laptop, monitor, etc.)

• 🇬🇧 English classes (iTalki – $130 monthly)

• ⏰ Flexible schedule (we typically work between 09:00/10:00 and 18:00/19:00 CET or EET)

• 👶 Newborn bonus (€500 per child)

• 🧠 Patent remuneration

• 🌴 Paid leave

• 🧑‍💻 Remote work options in locations without our offices

• Hybrid work arrangement in locations with offices (2 days in-office, 3 days remote)

Application Security Engineer

People also viewed