Our client is a global leader in enterprise orchestration, helping over 400,000 businesses worldwide streamline their operations with its AI-powered platform. They are looking for a highly accomplished Security Engineer - AppSec. This is a full-time, permanent, remote position ideally based in Spain, Portugal, or Bulgaria.
Requirements
● Bachelor's degree in Computer Science, Cybersecurity, or a related technical field.
● 4+ years in cybersecurity or software engineering, with at least 2 years focused on application or product security.
● Strong understanding of software development processes and ability to speak the language of engineers.
● Proficiency in one or more programming and scripting languages (e.g., Ruby, Java, Python, JavaScript, Bash).
● Hands-on experience with vulnerability scanners and security testing tools.
● Strong knowledge of threat modeling and security architecture reviews.
● AI/ML security experience, including risk assessment and prevention guidelines.
Advantages
● Master's degree in a relevant field
● Prior experience as an application or product security engineer in a SaaS or cloud-native environment
● Advanced certifications (CISSP, OSCP, GPEN, GCIH, GIAC)
● Experience with DevSecOps and security automation
● Network security and encryption standards expertise
● Incident management and response experience
● AWS Security Specialty certification or equivalent cloud security certification
● Expertise in AWS security services (EKS, IAM, KMS, GuardDuty, CloudTrail)
Key responsibilities include:
● Secure SDLC Integration: Embed with engineering teams to ensure security is part of every phase of the development lifecycle, from design to deployment.
● Threat Modeling & Design Reviews: Conduct early-stage threat modeling and participate in architectural and design reviews to identify and mitigate risks proactively.
● Security Enablement: Act as a security champion within product teams by providing training, building security knowledge, and driving adoption of secure coding practices.
● Code & Pipeline Reviews: Perform code reviews with a security lens and provide guidance on CI/CD pipeline security.
● Vulnerability Discovery & Triage: Identify and prioritize vulnerabilities using static/dynamic analysis and manual review, and work with developers on remediation strategies.
● Security Tooling & Automation: Collaborate with the broader ProdSec and DevOps teams to improve tooling and automate security feedback loops.
● Cross-Functional Collaboration: Partner with Product, SecOps, and Platform teams to align security with product goals and agile workflows.
● Security Advocacy: Help scale security awareness through documentation, workshops, and informal coaching embedded in daily engineering practice.
● Security Automation: Design and implement automated security tools and processes to improve detection, response, and compliance efficiency.
This role offers the opportunity to secure mission-critical systems deployed globally while working with cutting-edge AI and cloud technologies. If you're looking to make a significant impact on enterprise security, this could be perfect for you.