Senior Application Security Engineer - Remote Role

About the Role

We’re looking for a Senior Application Security Engineer to join our team remotely. In this role, you will embed security into how we design, build, and operate software, ensuring that security is not an afterthought but an integral part of our engineering process. You’ll work closely with product and engineering teams to identify risks early and improve secure-by-design practices, continuously enhancing our application security posture.

What You’ll Do

• Embed security into the SDLC by integrating security activities across all phases: requirements, design, implementation, testing, deployment, and maintenance.
• Partner closely with engineering teams to ensure secure development practices are applied consistently.
• Review security controls for new features, services, and architectural changes.
• Run threat modeling sessions (e.g., STRIDE) for new and existing systems, identifying threats, attack paths, misconfigurations, and insecure design patterns.
• Perform security-focused code reviews to identify vulnerabilities and risky implementations, providing clear guidance on secure coding patterns and best practices.
• Conduct manual and automated web application security testing, including injection flaws, authentication issues, access control gaps, and insecure configurations.
• Support engineering teams during application security incidents or vulnerability disclosures, contributing to triage, impact assessment, and root cause analysis.
• Enable engineers through training, documentation, and hands-on guidance, creating and maintaining secure coding guidelines and internal resources.

Requirements

• Strong understanding of secure software development principles and common vulnerability classes (OWASP Top 10, CWE).
• Experience working within modern SDLCs and agile development workflows.
• Hands-on experience with application security tools (SAST, DAST, SCA, etc.) and integrating security tooling into CI/CD pipelines.
• Ability to assess risk pragmatically and prioritize remediation.
• Understanding of cloud-native architectures, APIs, and microservices.
• Background working closely with product and engineering teams.

Nice to Have

• Exposure to security metrics, maturity models, or AppSec program building.

What We Offer

• Fully remote work with a work-from-anywhere scheme.
• Flexible working hours to promote work-life balance.
• Health and life insurance program.
• Learning & development budget for continuous growth.
• A tech-driven, friendly team with an international mindset.

If you feel you’re a great fit for this Senior Application Security Engineer remote role, please apply! We’d love to hear from you!