Security Engineer - AppSec

About

Our client is a global leader in enterprise orchestration, helping over 400,000 businesses worldwide streamline their operations with its AI-powered platform.

Role

They are looking for a highly accomplished Security Engineer - AppSec. This is a full-time, permanent, remote position ideally based in Spain, Portugal, or Bulgaria.

This role offers the opportunity to secure mission-critical systems deployed globally while working with cutting-edge AI and cloud technologies. If you're looking to make a significant impact on enterprise security, this could be perfect for you.

Requirements

• Bachelor's degree in Computer Science, Cybersecurity, or a related technical field.
• 4+ years in cybersecurity or software engineering, with at least 2 years focused on application or product security.
• Strong understanding of software development processes and ability to speak the language of engineers.
• Proficiency in one or more programming and scripting languages (e.g., Ruby, Java, Python, JavaScript, Bash).
• Hands‑on experience with vulnerability scanners and security testing tools.
• Strong knowledge of threat modeling and security architecture reviews.
• AI/ML security experience, including risk assessment and prevention guidelines.

Advantages

• Master's degree in a relevant field
• Prior experience as an application or product security engineer in a SaaS or cloud‑native environment
• Advanced certifications (CISSP, OSCP, GPEN, GCIH, GIAC)
• Experience with DevSecOps and security automation
• Network security and encryption standards expertise
• Incident management and response experience
• AWS Security Specialty certification or equivalent cloud security certification
• Expertise in AWS security services (EKS, IAM, KMS, GuardDuty, CloudTrail)

Key Responsibilities

• Secure SDLC Integration: Embed with engineering teams to ensure security is part of every phase of the development lifecycle, from design to deployment.
• Threat Modeling & Design Reviews: Conduct early‑stage threat modeling and participate in architectural and design reviews to identify and mitigate risks proactively.
• Security Enablement: Act as a security champion within product teams by providing training, building security knowledge, and driving adoption of secure coding practices.
• Code & Pipeline Reviews: Perform code reviews with a security lens and provide guidance on CI/CD pipeline security.
• Vulnerability Discovery & Triage: Identify and prioritize vulnerabilities using static/dynamic analysis and manual review, and work with developers on remediation strategies.
• Security Tooling & Automation: Collaborate with the broader ProdSec and DevOps teams to improve tooling and automate security feedback loops.
• Cross‑Functional Collaboration: Partner with Product, SecOps, and Platform teams to align security with product goals and agile workflows.
• Security Advocacy: Help scale security awareness through documentation, workshops, and informal coaching embedded in daily engineering practice.
• Security Automation: Design and implement automated security tools and processes to improve detection, response, and compliance efficiency.