Application Security Engineer, SAST, OWASP
Braga, Braga, Portugal
Full Time
2 hours ago
$2,565 - $3,420 EUR
No Sponsorship
Key skills
JavaJavaScriptPythonTypeScriptGo.NETC#CCommunicationOWASP
About this role
Role Overview
- Perform static code analysis across Java, .NET/C#, JavaScript/TypeScript, Go, Python, and open-source libraries.
- Advise AppSec and Dev teams on mitigation strategies aligned to OWASP Web Top 10 (2021), OWASP API Security Top 10 (2023), OWASP Mobile Top 10, and PCI-DSS v4.0.
- Develop proof-of-concept exploits to demonstrate vulnerability exploitability and support prioritisation decisions.
- Support customer teams in triaging and analysing complex application security findings.
- Occasional international travel to customer sites (< 10% of time).
Requirements
- 5+ years of hands-on software development in one or more of: Java, .NET/C#, JavaScript/TypeScript, Go, Python.
- 5+ years conducting security-focused code reviews, with solid knowledge of OWASP Web Top 10 (2021), OWASP API Security Top 10 (2023), OWASP Mobile Top 10, and PCI-DSS v4.0.
- Proven SAST experience — ability to identify, classify, and prioritise vulnerabilities across diverse codebases.
- Hands-on experience creating proof-of-concept exploits to illustrate real-world attack vectors.
- Strong communication skills — able to translate security findings into actionable guidance for both technical and non-technical stakeholders.
- Proactive, self-managed working style suited to a distributed team environment.
- Fluent English (written and spoken) — required for all customer-facing engagements.
- Bachelor's degree (or equivalent) in Computer Science, Information Security, or a related technical discipline.
Tech Stack
- Java
- JavaScript
- Python
- TypeScript
- Go
- .NET
Benefits
- 15th month salary
- Health insurance covering your family
- Birthday off
- Mobility program for digital nomads
- Real work-life balance
- Full benefits