Senior Application Security Engineer

Requirements

  • 5+ years of proven commercial experience in software development using Rust or Go.
  • 2+ years of experience in application security, with a focus on secure software development.
  • Deep understanding of common software vulnerabilities and exploitation techniques (e.g., memory safety, race conditions, injection flaws, deserialization attacks).
  • Hands-on experience performing secure code reviews, threat modeling, and vulnerability assessments of modern applications.
  • Familiarity with static application security testing (SAST) and dynamic application security testing (DAST) tools, and experience interpreting their results.
  • Proficiency with secure design principles such as least privilege, defense in depth, secure defaults, and threat mitigation strategies.
  • Experience integrating security testing into CI/CD pipelines and DevSecOps workflows.
  • Knowledge of cryptographic best practices, including key management, secure protocols, and implementation pitfalls.
  • Ability to assess the security posture of open-source dependencies and apply appropriate remediation strategies.
  • Understanding of supply chain security, secure software lifecycle (SSDLC), and SBOM (Software Bill of Materials) practices.
  • Strong knowledge of container security (Docker, Kubernetes), and cloud-native security controls (AWS, GCP, or Azure).
  • Working knowledge of compliance standards such as ISO 27001, PCI DSS, and SOC 2.
  • Upper-Intermediate English level.
  • Ability to overlap at least 6 hours with US Eastern Time (EST).

 

Nice to have skills

  • Experience with blockchain technology or smart contract security.
  • Security certifications (e.g., OSCP, CEH, CSSLP, GIAC).
  • Experience with financial services or fintech security requirements (e.g., PCI DSS, SOC 2).

 

Responsibilities

  • Perform security-focused code reviews and audits for applications written in Rust or Go.
  • Develop and integrate security features, such as input validation, encryption, and authentication mechanisms.
  • Build tools to automate vulnerability detection and enforce secure coding standards.
  • Work with development teams to address security issues and implement secure design patterns.
  • Monitor and respond to new vulnerabilities in open-source dependencies and runtime environments.
  • Contribute to internal security training and best practice guidelines.
  • Participate in threat modeling, penetration testing, and security architecture reviews.


Benefits

  • 35 absence days per year for work-life balance
  • Udemy courses of your choice
  • English courses with a native speaker
  • Regular soft-skills trainings
  • Excellence Centers meetups
  • Online/offline team-buildings
Published 12 June