Application Security Engineer

Solidgate

Remote (Global) | Full-time | Mid Level | Yesterday

About the Role

Solidgate builds financial infrastructure for fast‑growing internet businesses worldwide. Our platform processes millions of payments daily and operates in a highly regulated fintech environment, where security is a core product requirement — not an afterthought.

Our engineering organization builds and scales a complex cloud‑native platform with over 120 microservices. As the company continues to grow, we are strengthening our security organization and introducing a dedicated Application Security Engineer role.

The mission of this role is to keep our business and revenue safe by building security into the way we develop software — from early design decisions to CI/CD pipelines and live production systems. This is a hands‑on Application Security role focused on embedding security into the software development lifecycle and reducing real product risks.

You will work closely with engineering teams to:

  • Design secure application architectures
  • Improve secure coding practices
  • Detect vulnerabilities early in the development lifecycle
  • Continuously improve application security as part of everyday engineering work

You will have a direct impact on how secure software is built across a large microservices ecosystem, influencing standards, tooling, and engineering culture.

What You Will Own

  • Build and maintain secure coding standards and support their adoption across development teams
  • Conduct threat modeling during architecture and design stages
  • Implement and improve application security testing, including SAST, DAST, dependency and secrets scanning, CI/CD security checks
  • Perform regular application security assessments and maturity evaluations (OWASP ASVS, OWASP SAMM)
  • Manage the full vulnerability lifecycle: triage, prioritization, remediation support, and validation
  • Support external penetration testing and Bug Bounty programs
  • Identify and mitigate security risks in cloud environments and CI/CD pipelines

You Are a Great Fit If You Have

  • At least 2 years of experience in Application Security or Product Security
  • Hands‑on experience with OWASP Top 10 vulnerabilities
  • Practical experience with secure code reviews, threat modeling, SAST and DAST tools and their integration into CI/CD pipelines
  • Strong understanding of web application and API security
  • Ability to communicate clearly with engineers and work as a partner rather than a blocker

Nice to Have

  • Experience with container security and cloud security tooling
  • Familiarity with DevSecOps and shift‑left security practices
  • Experience automating application security processes
  • Background as a software engineer or close collaboration with development teams

Why Join Solidgate?

  • Build security that matters – lead initiatives that define how security is embedded into our software development lifecycle across multiple teams and products.
  • Your expertise counts – enjoy real autonomy to propose, test, and implement security practices and tooling that directly improve product resilience and reduce risk.
  • Room to experiment – apply modern AppSec, automation, and shift‑left approaches with full support from engineering and security leadership.
  • Impact & visibility – see the results of your work directly in more secure products, fewer vulnerabilities, and stronger engineering practices.
  • Collaborative environment – work side by side with experienced, curious engineers who treat security as a shared responsibility and value partnership over gatekeeping.

Benefits: 30+ days off, unlimited sick leave, free office meals, health coverage, Apple gear, courses, conferences, sports and wellness benefits.

Requirements

  • At least 2 years of experience in Application Security or Product Security
  • Hands-on experience with OWASP Top 10 vulnerabilities
  • Practical experience with: secure code reviews, threat modeling, SAST and DAST tools and their integration into CI/CD pipelines
  • Strong understanding of web application and API security
  • Ability to communicate clearly with engineers and work as a partner rather than a blocker

Responsibilities

  • Designing secure application architectures
  • Improving secure coding practices
  • Detecting vulnerabilities early in the development lifecycle
  • Continuously improving application security as part of everyday engineering work
  • Building and maintaining secure coding standards and supporting their adoption across development teams
  • Conducting threat modeling during architecture and design stages
  • Implementing and improving application security testing, including SAST, DAST, dependency and secrets scanning, and CI/CD security checks
  • Performing regular application security assessments and maturity evaluations (OWASP ASVS, OWASP SAMM)
  • Managing the full vulnerability lifecycle: triage, prioritization, remediation support, and validation
  • Supporting external penetration testing and Bug Bounty programs
  • Identifying and mitigating security risks in cloud environments and CI/CD pipelines

Benefits

  • Health coverage
  • 30+ days off
  • Unlimited sick leave
  • Free office meals
  • Courses
  • Conferences
  • Sports and wellness benefits
  • Apple gear

Skills

API security, AWS, CI/CD, DAST, DevSecOps, Docker, OWASP ASVS, OWASP SAMM, OWASP Top 10, SAST, security, threat modeling, web application security
