Application Security engineer

Responsibilities

• Perform application security testing of Web, Mobile (iOS/Android), API.
• Conduct vulnerability assessments on cloud infrastructure (preferably GCP).
• Lead implementation and enhancement of SSDLC practices across engineering.
• Develop and maintain security automation pipelines (SAST, DAST, secret scanners, dependency checkers, quality gates).
• Collaborate with Developers, QA, DevOps, Product to resolve vulnerabilities and improve secure coding.
• Build and maintain internal tools for security testing and automation (Python preferred).
• Participate in internal audits and support compliance efforts (e.g., PCI DSS).

• Maintain security documentation, knowledge bases, and training material.

   

Requirements

• 5+ years in Application Security, including both offensive and defensive practices.
• Strong understanding of secure SDLC, CI/CD security integration, OWASP Top 10.
• Experience in testing application related to streaming.
• Experience with tools such as:
• -SAST: SonarQube, Black Duck or Defect Dojo
• -DAST: Burp Suite
• -Other: MobSF
• Proven ability to automate tests/exploits in Python.
• Security certifications:
• -CEH, Burp Suite Certified Practitioner
• Familiarity with GCP/AWS security, including vulnerability remediation.
• Strong experience in mobile app security (iOS & Android).
• Exposure to common attack tools (e.g., Metasploit, sqlmap, THC-Hydra, hashcat).

Nice to have:

• Degree in Cybersecurity, Information Security, or related field.
• Nuclei, QARK, jwt_tool, Frida, mitmproxy, apktool.
• Experience with bug bounty/responsible disclosure workflows.
• Security certifications:
• -HTB Certified Bug Bounty Hunter, Certified AppSec Practitioner (CAP).

What we offer:

• Stock options grant (we’re a Silicon Valley Company)
• Competitive salary
• On-site position (no remote)
• Medical insurance for you and 75% off for your relatives
• Free lunches
• Parking
• Multisport card
• Cheerful team spirit and fun office atmosphere