
Senior Application Security Engineer
Posted May 20

This is a fully remote position, open to applicants in Poland.
• Incorporate security measures throughout the Software Development Life Cycle (SDLC).
• Implement security activities across every phase of the SDLC: requirements, design, implementation, testing, deployment, and maintenance.
• Collaborate closely with engineering teams to ensure consistent application of secure development practices.
• Evaluate security controls for new features, services, and architectural modifications.
• Conduct threat modeling sessions (e.g., STRIDE) for both new and existing systems.
• Identify potential threats, attack vectors, misconfigurations, and insecure design patterns.
• Work alongside engineers to ensure adherence to secure-by-design principles.
• Execute security-focused code reviews to uncover vulnerabilities and risky implementations.
• Offer clear, actionable recommendations on secure coding patterns and best practices.
• Analyze application and system architectures from a security standpoint.
• Conduct both manual and automated web application security testing (e.g., injection flaws, authentication issues, access control vulnerabilities, insecure configurations, logic flaws).
• Operate, adjust, and enhance AppSec tools (SAST, DAST, SCA, secrets scanning, dependency scanning).
• Integrate and automate security checks within Continuous Integration/Continuous Deployment (CI/CD) pipelines.
• Identify shortcomings in tooling and suggest or implement enhancements.
• Provide support to engineering teams during application security incidents or vulnerability disclosures.
• Participate in triage, impact assessment, and root cause analysis.
• Ensure that lessons learned are incorporated back into design, tools, and processes.
• Empower engineers through training, documentation, and practical guidance.
• Develop and maintain secure coding guidelines, checklists, and internal resources.
• Serve as a trusted security partner rather than a hindrance.
• Strong grasp of secure software development principles.
• Comprehensive knowledge of common vulnerability types (OWASP Top 10, CWE).
• Experience in modern SDLCs and agile development methodologies.
• Practical experience with application security tools (SAST, DAST, SCA, etc.).
• Experience in integrating security tools into CI/CD pipelines.
• Familiarity with web application security testing.
• Ability to evaluate risk pragmatically and prioritize remediation efforts.
• Understanding of cloud-native architectures, APIs, and microservices.
• Experience collaborating closely with product and engineering teams.
• Fully remote work environment.
• Work-from-anywhere policy (travel and work).
• Flexible working hours.
• Comprehensive health and life insurance program.
• Learning and development budget.
• Tech-driven, friendly team with an international perspective.
Constructor Tech