our Security team is looking for a highly skilled and security-savvy Application Security Engineer to lead our product and application security efforts. In this role, you will drive security design, ensure secure coding practices, and validate our services and environments against the highest security standards.
You will work closely with our R&D and Product teams to identify, mitigate, and prevent security risks throughout the software development lifecycle (SDLC). As a senior engineer, you will own security initiatives, mentor developers on security best practices, and play a key role in shaping the security posture of products.
The ideal candidate is highly motivated, eager to learn, and has a security by design mindset. This role provides career growth opportunities, enabling you to deepen your expertise in AppSec, DevSecOps, and cloud security.
What you'll do:
Partner with development and product teams to integrate security best practices into the SDLC
Lead threat modeling and architecture security reviews to proactively identify and mitigate risks
Conduct security assessments, including code reviews, vulnerability scans, penetration testing, and secure product design reviews
Stay up to date with emerging security threats, vulnerabilities, and industry trends, ensuring remains ahead of evolving risks.
Support and contribute to security incident response activities, including root cause analysis and post-incident improvements
Automate security processes and integrate security tools within CI/CD pipelines
Develop and deliver secure coding training to engineering teams
Requirements: 4+ years of experience in Application Security, Penetration Testing, or Product Security in a SaaS company
Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience)
Deep understanding and hands-on experience of web application security, including OWASP Top 10, authentication, encryption, and secure coding principles
Proficiency in scripting or programming languages (Python, JavaScript, Go, etc.) for security automation
Experience with cloud security best practices (AWS, GCP, or Azure)
Hands-on experience with DevSecOps and integrating security tools into CI/CD pipelines
Strong communication skills, with the ability to explain security risks and recommendations to technical and non-technical stakeholders, including executive management
Experience working with large-scale, complex R&D environments
Bonus Points:
Being introduced by an AppsFlyer team member
This position is open to all candidates.