Senior Application Security Engineer - Remote Position

About the Role

We are looking for a Senior Application Security Engineer to join our security team in a fully remote capacity. As a Senior Application Security Engineer, you will play a key role in advancing and maturing our application security program by establishing secure development standards and embedding security throughout the entire software development lifecycle (SDLC). You will work closely with development, DevOps, and DevSecOps teams to ensure security is integrated from the outset, enabling the delivery of resilient and secure applications.

What You'll Do

• Set up and manage tools like SAST, DAST, IAST, and RASP to enhance security measures.
• Manage vulnerabilities by keeping systems patched and secure.
• Check open-source code for security issues using OSA/SCA methodologies.
• Conduct and improve code security reviews to ensure best practices.
• Hardening API security for REST and GraphQL interfaces.
• Perform threat modeling (STRIDE, PASTA, etc.) for new features.
• Launch and run the bug bounty program to identify vulnerabilities.
• Build a "Security Champions" program across the engineering teams to promote security awareness.
• Collaborate with external teams on penetration tests to assess security posture.
• Share your security knowledge with team members and contribute to a culture of security.

Requirements

• Minimum of 5 years in Application Security or a similar security role.
• Hands-on experience with SAST, DAST, IAST, and RASP tools—especially Snyk and/or Acunetix.
• Real-world experience with vulnerability management and threat modeling methodologies (STRIDE, PASTA).
• Experience launching or managing a bug bounty program.
• Familiarity with pentesting or working closely with pentest teams.
• Strong understanding of OWASP standards (ASVS, WSTG, etc.) and SSDLC principles.
• Proficient in API security (REST, GraphQL).
• Ability to read and understand code in PHP, JavaScript, Go, C#, and C++ (especially Unity for desktop/mobile).
• Broad knowledge across application and infrastructure security.

Nice to Have

• Security certifications like OSCP, GWEB, CSSLP.
• Experience with Unity or game engine security.
• Familiarity with cloud security (AWS, AliCloud).
• Knowledge of integrating security checks into CI/CD pipelines (GitHub Actions).
• Experience building a Security Champions program.

What We Offer

• Awarded Best Managed Company of Switzerland by Deloitte in 2024 and 2025.
• Bi-Annual Company Wide Trips (2023 Armenia, 2025 Switzerland, and more to come!).
• Fully Remote work from either Germany, UK, or France.
• High flexibility and an employee-focused culture.
• Innovative and collaborative team environment.
• Great working conditions with a focus on work-life balance.