Security Engineer - AppSec

Our client is a global leader in enterprise orchestration, helping over 400,000 businesses worldwide streamline their operations with its AI-powered platform. They are looking for a highly accomplished Security Engineer - AppSec. This is a full-time, permanent, remote position ideally based in Spain, Portugal, or Bulgaria.

Requirements

Bachelor's degree in Computer Science, Cybersecurity, or a related technical field.

4+ years in cybersecurity or software engineering, with at least 2 years focused on application or product security.

Strong understanding of software development processes and ability to speak the language of engineers. 

Proficiency in one or more programming and scripting languages (e.g., Ruby, Java, Python, JavaScript, Bash).

Hands-on experience with vulnerability scanners and security testing tools.

Strong knowledge of threat modeling and security architecture reviews.

AI/ML security experience, including risk assessment and prevention guidelines. 

Advantages

Master's degree in a relevant field 

Prior experience as an application or product security engineer in a SaaS or cloud-native environment 

Advanced certifications (CISSP, OSCP, GPEN, GCIH, GIAC) 

Experience with DevSecOps and security automation 

Network security and encryption standards expertise 

Incident management and response experience 

AWS Security Specialty certification or equivalent cloud security certification 

Expertise in AWS security services (EKS, IAM, KMS, GuardDuty, CloudTrail) 

Key responsibilities include: 

Secure SDLC Integration: Embed with engineering teams to ensure security is part of every phase of the development lifecycle, from design to deployment. 

Threat Modeling & Design Reviews: Conduct early-stage threat modeling and participate in architectural and design reviews to identify and mitigate risks proactively. 

Security Enablement: Act as a security champion within product teams by providing training, building security knowledge, and driving adoption of secure coding practices. 

Code & Pipeline Reviews: Perform code reviews with a security lens and provide guidance on CI/CD pipeline security. 

Vulnerability Discovery & Triage: Identify and prioritize vulnerabilities using static/dynamic analysis and manual review, and work with developers on remediation strategies. 

Security Tooling & Automation: Collaborate with the broader ProdSec and DevOps teams to improve tooling and automate security feedback loops. 

Cross-Functional Collaboration: Partner with Product, SecOps, and Platform teams to align security with product goals and agile workflows. 

Security Advocacy: Help scale security awareness through documentation, workshops, and informal coaching embedded in daily engineering practice. 

Security Automation: Design and implement automated security tools and processes to improve detection, response, and compliance efficiency. This role offers the opportunity to secure mission-critical systems deployed globally while working with cutting-edge AI and cloud technologies. If you're looking to make a significant impact on enterprise security, this could be perfect for you.