Application Security Engineer

This is a fully remote position, open to applicants in Portugal.

📋 Description

• Take ownership of and manage our Bug Bounty programs: assess reports, verify findings, and reproduce Proofs of Concept (PoCs).

• Collaborate with developers and product owners to recommend and aid in the resolution of security issues.

• Write or review pull requests to address security vulnerabilities directly within the codebase.

• Validate findings from external penetration tests and incorporate them into the development backlog.

• Contribute to threat modeling, code reviews, and discussions regarding security design.

• Support the Secure Development Lifecycle (SAST, dependency scanning, security automation in CI/CD).

• Conduct lightweight penetration testing for new features and releases as necessary.

• Maintain comprehensive documentation to support Application Security processes.

• Facilitate security communications among Security, Developers, and Product to expedite the resolution of security tickets.

⛳️ Requirements

• Prior experience as a developer (any modern backend or frontend stack).

• Practical security experience through bug bounty programs, Capture The Flags (CTFs), or penetration testing, along with relevant tools (e.g., Burp Suite).

• Strong understanding of common application vulnerabilities (OWASP Top 10, SSRF, IDOR, etc.).

• Familiarity with SAST/DAST tools (e.g., SonarQube, Snyk).

• Experience working collaboratively with developers and product teams.

• Excellent problem-solving and communication skills with a proactive “find and fix” approach.

🏝️ Benefits

• International team comprising 40+ nationalities (and counting!) 🌍

• Remote-first policy with a headquarters located in Paris 🗼

• Dynamic startup environment with opportunities for career advancement 🪴

• Open-minded culture that values diversity 👽

• Supportive and curious team focused on feedback and a DIY mindset 🤔 🛠

• Generous Paid Time Off to ensure you have time for what matters most ❤️🏡

• Remote perks designed to enhance your working experience 🎁

• In-person social events to celebrate our achievements 🏝️

• Full coverage of your health insurance contribution paid by Swapcard 🏥

• Work-from-home budget (one-time contribution for equipment in addition to your initial setup) 🖇️

• Co-working space budget to facilitate remote work in professional settings 💼

• Learning budget to assist you in developing new and existing skills 🤓

• Mental health care initiatives to promote your well-being 🧘