AppSec Engineer at Paramo Technologies

About Us

a cutting-edge e-commerce company developing products for our own technological platform. Our creative, smart, and dedicated teams pool their knowledge and experience to find the best solutions to meet project needs, while maintaining sustainable and long-lasting results. How do we achieve this? By making sure that our teams thrive and develop professionally. Strong advocates of hiring top talent and letting them do what they do best, we strive to create a workplace that allows for an open, collaborative, and respectful culture.

What you will be doing

You will be responsible for ensuring that security is integrated adequately across the software development lifecycle (SSDLC), identifying and managing vulnerabilities in code, dependencies, and applications, and supporting development teams in building secure software. You will work closely with developers, infrastructure teams, and the rest of the Information Security Team to detect, analyze, remediate, and prevent security issues in applications and supporting platforms.

Key Responsibilities:

• Manage and operate application security and code vulnerability tools (e.g., SAST, DAST, dependency scanning, container security).
• Identify, analyze, and validate vulnerabilities discovered in source code, applications, containers, and external attack surface.
• Support and oversee vulnerability discovery activities, including:
  • Automated scanning tools
  • Bug bounty findings
  • Manual testing results (where applicable)
• Coordinate and support vulnerability remediation with development teams.
• Manage and improve the Secure Software Development Lifecycle (SSDLC).
• Review and manage the handling of secrets and sensitive data using tools such as HashiCorp Vault.
• Perform security reviews of external libraries, dependencies, and supply chain components.
• Support security testing tools such as OWASP ZAP, Acunetix, Burp Suite, SonarQube, Outpost24 EASM, and container scanning solutions.
• Correlate findings from multiple security tools and prioritize remediation based on risk.
• Ensure vulnerabilities are properly tracked, documented, and managed through Jira tickets.
• Validate that remediation actions are correctly implemented before closing tickets.
• Contribute to defining security standards, guidelines, and best practices for developers.
• Document new procedures or update existing ones related to application and development security.
• Ensure documentation is accurate, comprehensive, and delivered on time.
• Collaborate with SOC, IAM, and SIEM engineers when vulnerabilities or incidents overlap domains.
• Create reports and metrics related to vulnerabilities, remediation status, and SSDLC effectiveness.
• Engage in ongoing training and professional development to stay current with emerging threats, vulnerabilities, and secure development practices.
• Share knowledge and expertise with development and security teams to foster a culture of secure-by-design development.
• Adhere to the organization's different policies.
• Keep your work organized and traceable through tickets (Jira).

Knowledge and skills you need to have

• Five years of a university degree or a four-year college diploma, preferably in computer science, telecommunications, or other related academic fields, or equivalent work experience, are required.
• At least 2 years of work experience in application security, DevSecOps, or similar roles.
• Hands-on experience identifying and managing code and application vulnerabilities.
• Experience working with vulnerability scanning tools for:
  • Source code
  • Web applications
  • Containers and dependencies
• Understanding of the Secure Software Development Lifecycle (SSDLC).
• Experience collaborating with development teams on vulnerability remediation.
• Familiarity with secrets management and secure configuration practices.
• Strong analytical and problem-solving skills.
• Ability to work independently and as part of the Information Security Team under minimal supervision.
• Eager to learn and continuously improve security practices.
• Good documentation and reporting skills.
• Technical skills:
  • Solid foundations in networking, application architectures, and cybersecurity.
  • Ability to understand application flows, APIs, and common vulnerability patterns.

Additional requirements, not essential but "nice to have":

• Any cybersecurity certification.
• Familiarity with application security and DevSecOps frameworks.
• Knowledge of OWASP Top 10 and common application vulnerability classes.
• Familiarity with security standards and frameworks such as ISO 27001, NIST, or similar.
• Experience with bug bounty programs.
• Knowledge of common application security tools such as:
  • SonarQube
  • OWASP ZAP
  • Acunetix

Why choose us?

We provide the opportunity to be the best version of yourself, develop professionally, and create strong working relationships, whether working remotely or on-site. While offering a competitive salary, we also invest in our people's professional development and want to see you grow and love what you do. We are dedicated to listening to our team's needs and are constantly working on creating an environment in which you can feel at home.

Benefits

We offer a range of benefits to support your personal and professional development:

• 22 days of annual leave.
• 10 days of national holidays.
• Health Insurance options.
• Access to e-learning platforms.
• Possibility of on-site English classes in some countries, and more.

Join our team and enjoy an environment that values and supports your well-being. If this sounds like the place for you, contact us now!

This offer from "Paramo Technologies" has been enriched by Jobgether.com and got a 75% flex score.