Key skills
CloudMicroservicesSDLCAgileCI/CDRemote WorkOWASP
About this role
Role Overview
- Embed security into the SDLC
- Integrate security activities across all SDLC phases: requirements, design, implementation, testing, deployment, and maintenance.
- Partner closely with engineering teams to ensure secure development practices are applied consistently.
- Review security controls for new features, services, and architectural changes.
- Run threat modeling sessions (e.g. STRIDE) for new and existing systems.
- Identify threats, attack paths, misconfigurations, and insecure design patterns.
- Collaborate with engineers to ensure systems follow secure-by-design principles.
- Perform security-focused code reviews to identify vulnerabilities and risky implementations.
- Provide clear, actionable guidance on secure coding patterns and best practices.
- Assess application and system architectures from a security perspective.
- Perform manual and automated web application security testing (e.g. injection flaws, auth issues, access control gaps, insecure configs, logic flaws).
- Operate, tune, and improve AppSec tooling (SAST, DAST, SCA, secrets scanning, dependency scanning).
- Integrate and automate security checks within CI/CD pipelines.
- Identify gaps in tooling and recommend or introduce improvements.
- Support engineering teams during application security incidents or vulnerability disclosures.
- Contribute to triage, impact assessment, and root cause analysis.
- Ensure lessons learned are fed back into design, tooling, and processes.
- Enable engineers through training, documentation, and hands-on guidance.
- Create and maintain secure coding guidelines, checklists, and internal resources.
- Act as a trusted security partner, not a blocker.
Requirements
- Strong understanding of secure software development principles.
- Solid knowledge of common vulnerability classes (OWASP Top 10, CWE).
- Experience working within modern SDLCs and agile development workflows.
- Hands-on experience with application security tools (SAST, DAST, SCA, etc.).
- Experience integrating security tooling into CI/CD pipelines.
- Experience with web application security testing.
- Ability to assess risk pragmatically and prioritize remediation.
- Understanding of cloud-native architectures, APIs, and microservices.
- Background working closely with product and engineering teams.
Tech Stack
- Cloud
- Microservices
- SDLC
Benefits
- Fully remote work.
- Work-from-anywhere scheme (travel and work).
- Flexible working hours.
- Health and life insurance program.
- Learning & development budget.
- Tech-driven, friendly team with a international mindset.