What we're looking for

We are looking for an experienced and proactive Application Security Engineer to join our Security team. You’ll be responsible for strengthening the security posture of our applications and development processes by building scalable security solutions, embedding best practices, and partnering closely with engineers and product teams.

This role blends technical depth in application security with a strong emphasis on automation, threat modeling, and secure design. You’ll have the opportunity to define AppSec practices, influence engineering culture, and make a meaningful impact in a fast-growing company.

If you’re excited to solve complex challenges and protect users at scale, we’d love to hear from you!

What you'll be doing

Security Pipeline: Design, implement, and maintain security automation within CI/CD, including SAST, SCA, secret scanning, API Security.
Bug Bounty Program: Manage and improve the bug bounty program, coordinate with researchers and engineering teams to validate and remediate findings.
Code Review & Pentesting: Conduct secure code reviews and penetration testing to identify vulnerabilities and guide developers on remediation.
Product Security: Partner with engineering and product teams to define security architecture, perform threat modeling, and ensure secure design across applications.
Cloud Security: Enhance visibility and governance of cloud environments by leveraging CSPM tools (Wiz, Orca) and ensuring compliance with best practices.
Phishing Awareness: Lead initiatives to raise security awareness, including phishing simulation campaigns and training programs for employees.

What you'll need

Experience

5 years of experience in application security.
Hands-on experience with application security testing tools (SAST, API Security, SCA).
In-depth knowledge of common vulnerabilities (OWASP Top 10, CWE, CVEs) and remediation techniques.
Experience embedding security practices into CI/CD pipelines.
Strong communication and collaboration skills, with the ability to influence cross-functional teams.
Proven ability to lead security projects independently.

Technical Skills

Experience with cloud-native application security (AWS, GCP, or Azure).
Familiarity with container security (Docker, Kubernetes).
Experience with Infrastructure as Code (IaC) security (Terraform, CloudFormation).
Contributions to open-source security projects or active participation in the AppSec community.
Relevant certifications (e.g., OSWE, OSCP, CISSP).

Benefits

Competitive salary
Sign-on stock options bonus, so you become part of the success of the company
Discretionary performance bonus (stock options)
Paid annual leave
Latest technology to work with
Strong team that will help you improve your skills