Application Security Engineer

About the role

We are looking for an Application Security Engineer to strengthen the security of modern web and API‑based applications in a fast‑moving, product‑driven environment. The role sits at the intersection of software engineering and cybersecurity, working closely with engineering, product and security teams to identify, validate and remediate vulnerabilities. You will help embed security throughout the development lifecycle and contribute directly to the resilience of our products.

Key responsibilities

• Own and manage bug bounty intake, triage reports, validate vulnerabilities and reproduce proofs of concept.
• Collaborate with developers and product owners to design and implement remediation strategies.
• Review code and submit pull requests to fix security issues.
• Validate external penetration‑testing results and integrate findings into development backlogs.
• Participate in threat modelling, secure architecture discussions and security‑focused code reviews.
• Enhance the Secure Development Lifecycle by integrating SAST/DAST tools and security automation into CI/CD pipelines.
• Perform lightweight penetration testing on new features and releases when required.
• Maintain clear documentation of application security processes and best practices.

Required profile

• Previous experience as a software developer or application security engineer in modern web or backend environments.
• Hands‑on experience with bug bounty programs, capture‑the‑flag competitions or penetration testing.
• Strong understanding of common application security vulnerabilities (e.g., OWASP Top 10).
• Experience working closely with engineering and product teams in Agile settings.
• Ability to analyse, reproduce and resolve complex security issues with a “find and fix” mindset.

Required skills

• Burp Suite
• SonarQube
• Snyk
• SAST / DAST solutions
• CI/CD pipeline tools
• Agile development processes
• Secure coding practices for web and API applications