Application Security Engineer

Overview:

SOFTSWISS is growing, and we are seeking a skilled Application Security Engineer to join our team. If you are driven by excellence and share our values, we would love to hear from you.

Purpose of the role:

Our goal is to make sure that we deploy secure software to production without unnecessary bottlenecks, that applications are properly hardened, and security vulnerabilities, once discovered, are fixed by the developers.

As an Application Security Engineer, you will play a crucial role in ensuring the security of our applications throughout the entire software development lifecycle (SDLC). You will partner closely with the product teams to identify, analyze, and mitigate security vulnerabilities, contributing to the creation of trustworthy and robust products.

Key responsibilities:

• Partner with product teams during the design phase to facilitate threat modeling and risk assessment sessions.

• Perform in-depth manual code reviews on critical applications to identify logical vulnerabilities as part of white-box security assessments.

• Tune and adjust rulesets for automated security scanning tools to reduce false positives and improve detection rates.

• Develop scripts and automation tools to streamline workflows and free up time for more complex analysis.

• Assist developers in understanding security risks and threats discovered during risk assessments, threat modeling, and dynamic testing.

• Triage vulnerabilities from the bug bounty program, collaborating with external researchers and internal engineering teams to resolve discovered flaws.

• Collaborate with Dev/QA teams throughout the development lifecycle to enhance the application's security posture by providing dedicated security consulting, continuous knowledge sharing, and actionable guidance.

• Develop and maintain the internal security knowledge base, including comprehensive secure coding guidelines and technical manuals for standard security features.

Required Experience:

• 1.5+ years of experience in application security, software development, or related technical roles.

• Solid understanding of web fundamentals (e.g., HTTP/HTTPS protocols, cookie storage mechanisms, and session management).

• Knowledge of web application security mechanisms and controls (e.g., SOP, CORS, CSP).

• Comprehensive understanding of common web vulnerabilities (e.g., OWASP Top 10) and their practical mitigation strategies.

• Knowledge of secure system and application architecture alongside secure-by-design principles.

• Practical, hands-on expertise in identifying vulnerabilities through manual security assessments and secure code reviews.

• Ability to clearly articulate and explain the business impact of identified threats and vulnerabilities to developers and product teams.

• A strong security-first mindset with a continuous drive to learn and achieve excellence in the cybersecurity field.

• University degree in Computer Science, Information Security, or a related field (or an equivalent combination of education and practical experience).

• English and Russian proficiency at an upper-intermediate level (B2+).

Nice to have:

• Passion about programming.

• Technical knowledge of network and operating systems security.

• Hands-on DevSecOps experience.

• Practice of participation in bug bounty programs and/or CTFs.

• Knowledge of SAST/DAST tools, including customization.

• Relevant certifications (i.e., BSCP, eWPT, etc.).

Our Benefits:

• Full-time remote work opportunities and flexible working hours

• Private insurance

• Additional 1 Day Off per calendar year

• Sports program compensation

• Comprehensive Mental Health Programm

• Free online English lessons with a native speaker

• Generous referral program

• Training, internal workshops, and participation in international professional conferences and corporate events.