Our Security team is looking for a highly skilled and security-savvy Application Security Engineer to lead our product and application security efforts. In this role, you will drive security design, ensure secure coding practices, and validate our services and environments against the highest security standards.
You will work closely with our R&D and Product teams to identify, mitigate, and prevent security risks throughout the software development lifecycle (SDLC). As a senior engineer, you will own security initiatives, mentor developers on security best practices, and play a key role in shaping the security posture of our products.
The ideal candidate is highly motivated, eager to learn, and has a security by design mindset. This role provides career growth opportunities, enabling you to deepen your expertise in AppSec, DevSecOps, and cloud security.
What you'll do:
Partner with development and product teams to integrate security best practices into the SDLC.
Lead threat modeling and architecture security reviews to proactively identify and mitigate risks.
Conduct security assessments, including code reviews, vulnerability scans, penetration testing, and secure product design reviews.
Stay up to date with emerging security threats, vulnerabilities, and industry trends, ensuring we remain ahead of evolving risks.
Support and contribute to security incident response activities, including root cause analysis and post-incident improvements.
Automate security processes and integrate security tools within CI/CD pipelines.
Develop and deliver secure coding training to engineering teams.
Requirements: What you have:
4+ years of experience in Application Security, Penetration Testing, or Product Security in a SaaS company.
Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience).
Deep understanding and hands-on experience of web application security, including OWASP Top 10, authentication, encryption, and secure coding principles.
Proficiency in scripting or programming languages (Python, JavaScript, Go, etc.) for security automation.
Experience with cloud security best practices (AWS, GCP, or Azure).
Hands-on experience with DevSecOps and integrating security tools into CI/CD pipelines.
Strong communication skills, with the ability to explain security risks and recommendations to technical and non-technical stakeholders, including executive management.
Experience working with large-scale, complex R&D environments
Bonus Points:
Being introduced by our team member.
This position is open to all candidates.