Application Security Engineer

What you will do

• Lead threat modeling and secure design reviews for new features, services, and architectural changes to discover and mitigate security findings early (shift left).
• Design and implement security-sensitive application functionality such as authentication, authorization, roles and permissions, and customer data handling.
• Build and maintain security libraries, tooling, and AI-powered agent suites that enable engineering teams to ship secure code by default and run frequent in-house security tests.
• Own our security testing lifecycle: integrate SAST, DAST, and SCA into CI/CD, contract and operate external penetration tests, and lead remediation of findings end-to-end.
• Perform secure code reviews and partner with developers on fixes, not just filing tickets, but pairing on solutions.
• Harden cloud infrastructure and runtime environments, including container security, network policies, secrets management, and least-privilege access controls.
• Evaluate security risks of portfolio companies.

What we look for

• BSc. or MSc. in Computer Science or comparable degree.
• At least 5 years of experience in software engineering and infrastructure with focus on security.
• Exceptional problem-solving abilities, effective communication, and teamwork skills.
• You should be strong in Backend & Application Security Engineering and at least one of the remaining three skill sets:
• Backend & Application Security Engineering (required)
• • Strong proficiency in Go (or motivation to learn it); experience with Python is a plus.
  • Experience building secure backend services, APIs, and security-sensitive application features (auth, access control, data protection).
  • Hands-on experience with threat modeling methodologies (e.g., STRIDE) and secure design reviews.
  • Experience with security testing tools (SAST, DAST, SCA) such as Semgrep, CodeQL, Snyk, or Burp Suite.
  • Deep understanding of OWASP Top 10, common vulnerability classes, and secure coding practices.
• Security & Compliance Engineering
• • Experience implementing and automating security controls in cloud environments (AWS preferred).
  • Familiarity with PCI DSS standards and compliance lifecycle management.
  • Understanding of IAM, network security, encryption, and secure SDLC practices.
  • Experience with cloud-native security tools (e.g., AWS Security Hub, GuardDuty, CloudTrail).
  • Experience with security audits, risk assessments, and evidence collection.
• Cloud Infrastructure (AWS)
• • Strong hands-on experience with AWS services such as IAM, VPC, ECS/EKS, and Lambda.
  • Experience with Infrastructure as Code tools (Terraform, CDK, or CloudFormation).
  • Understanding of container security, secrets management, and CI/CD hardening.
  • Experience with observability, monitoring, and cloud compliance automation.
• Infra & CI/CD
• • Experience setting up secure CI/CD pipelines and tooling (Terraform, Docker, etc.).
  • Setup and management of large-scale applications using Kubernetes on AWS.
  • Knowledge of security management, least privilege enforcement, and compliance automation.