
Application Security Engineer
Posted May 20

This is a fully remote position, open to applicants in Poland.
• Collaborate with product teams during the design stage to conduct threat modeling and risk assessment sessions.
• Execute thorough manual code reviews on essential applications to uncover logical vulnerabilities as part of white-box security evaluations.
• Adjust and refine rulesets for automated security scanning tools to minimize false positives and enhance detection rates.
• Create scripts and automation tools to optimize workflows, allowing for more complex analyses.
• Support developers in recognizing security risks and threats identified during risk assessments, threat modeling, and dynamic testing.
• Manage vulnerabilities from the bug bounty program, working alongside external researchers and internal engineering teams to rectify identified issues.
• Work in conjunction with Dev/QA teams throughout the development lifecycle to strengthen the application's security posture by offering dedicated security consulting, ongoing knowledge sharing, and practical guidance.
• Establish and update the internal security knowledge base, which includes detailed secure coding guidelines and technical manuals for standard security features.
• Over 1.5 years of experience in application security, software development, or related technical positions.
• Strong understanding of web fundamentals, including HTTP/HTTPS protocols, cookie storage mechanisms, and session management.
• Familiarity with web application security mechanisms and controls such as SOP, CORS, and CSP.
• In-depth knowledge of common web vulnerabilities, including those listed in the OWASP Top 10, and their respective mitigation strategies.
• Understanding of secure system and application architecture along with secure-by-design principles.
• Practical experience in identifying vulnerabilities through manual security assessments and secure code reviews.
• Capability to clearly communicate and explain the business implications of identified threats and vulnerabilities to developers and product teams.
• A strong security-focused mindset with an ongoing commitment to learning and achieving excellence in the cybersecurity domain.
• A university degree in Computer Science, Information Security, or a related field (or an equivalent combination of education and practical experience).
• Intermediate proficiency in English (B2 level or higher) for effective technical communication.
• Full-time remote work opportunities with flexible working hours.
• Private insurance coverage.
• An additional day off per calendar year.
• Compensation for sports programs.
• Comprehensive mental health program.
• Free online English lessons with a native speaker.
• Generous referral program.
• Access to training, internal workshops, and participation in international professional conferences and corporate events.