Application Security Engineer (Remote in Bulgaria, Germany, Italy, Serbia, Turkey)

ConstructorTech is on a mission to enable educational organizations to provide high-quality digital education efficiently. They are seeking an Application Security Engineer to enhance their secure SDLC and software supply chain risk reduction efforts through web application security design and vulnerability testing.

Responsibilities:

• Perform threat modeling, security architecture review, and design analysis for web applications and APIs
• Conduct manual and automated security testing during development and pre-release stages
• Design and implement security pipelines (including SAST and DAST) and integrate them into the SDLC process
• Implement and manage SBOM generation and consumption processes across the SDLC
• Collaborate with development teams to ensure timely remediation of identified vulnerabilities
• Maintain security guidance aligned with OWASP best practices and provide trainings for development teams
• Stay current with evolving application security threats, tools, and industry developments

Requirements:

• 3–5 years of experience in application security, with a focus on web applications and API security
• Good knowledge of at least one scripting or programming language (e.g., Python, JavaScript, C#, or Go)
• Experience with tools like OWASP ZAP, Burp Suite, Snyk, or similar
• Familiarity with secure coding, DevSecOps, and container security concepts
• Strong understanding of CVE, CVSS, and vulnerability disclosure workflows
• Excellent command of business English
• Knowledge of SBOM standards (CycloneDX, SPDX) and experience integrating SBOM tooling into CI/CD pipelines
• Knowledge of software composition analysis (SCA) tools