Application Security Engineer

SOFTSWISS

Completely RemoteFull TimeInformation Technology
Posted Today

Job description

Responsibilities

  • Partner with product teams during the design phase to facilitate threat modeling and risk assessment sessions
  • Perform in-depth manual code reviews on critical applications to identify logical vulnerabilities
  • Tune and adjust rulesets for automated security scanning tools to reduce false positives
  • Develop scripts and automation tools to streamline security workflows
  • Assist developers in understanding security risks and threats discovered during testing
  • Triage vulnerabilities from the bug bounty program and collaborate with researchers and engineering teams
  • Collaborate with Dev/QA teams to provide security consulting and actionable guidance
  • Develop and maintain the internal security knowledge base and secure coding guidelines

Requirements

  • 3+ years of experience in application security or software development
  • Solid understanding of web fundamentals including HTTP/HTTPS, cookies, and session management
  • Knowledge of web security mechanisms such as SOP, CORS, and CSP
  • Comprehensive understanding of OWASP Top 10 vulnerabilities and mitigation strategies
  • Knowledge of secure system and application architecture and secure-by-design principles
  • Practical expertise in manual security assessments and secure code reviews
  • Ability to articulate business impact of threats to developers and product teams
  • University degree in Computer Science, Information Security, or equivalent experience
  • English and Russian proficiency at an upper-intermediate level (B2+)

Preferred Qualifications

  • Passion for programming
  • Technical knowledge of network and operating systems security
  • Hands-on DevSecOps experience
  • Participation in bug bounty programs or CTFs
  • Knowledge of SAST/DAST tool customization
  • Relevant certifications such as BSCP or eWPT

Benefits

  • Full-time remote work opportunities and flexible working hours
  • Private insurance
  • Additional 1 Day Off per calendar year
  • Sports program compensation
  • Comprehensive Mental Health Program
  • Free online English lessons with a native speaker
  • Generous referral program
  • Training, internal workshops, and participation in international professional conferences

Skills & tools

Application SecurityDevSecOpsOWASP

What the team is looking for

Use this list as a quick fit check before you apply.

  1. 013+ years application security experience
  2. 02Web fundamentals knowledge
  3. 03OWASP Top 10 expertise
  4. 04Manual security assessment skills
  5. 05English and Russian B2+ proficiency
ScoutJobsAd

Wake up to a shortlist, not a search results page.

ScoutJobs scores every new listing against your CV, salary floor and visa. A handful of real matches by morning.

Get your daily matches