Job Description

Location: Remote

Contract Duration: 6 months (with possibility of extension)

Contract details: B2B/ PFA or SRL

Role Overview

We are looking for an Application Security Engineer to enable secure-by-default delivery of applications and AI-enabled services, while maintaining high engineering velocity.

The role focuses on embedding security into CI/CD pipelines, enabling automated and scalable security controls, and working closely with engineering teams to ensure security findings are actionable, prioritized, and do not slow down delivery.

Key Responsibilities

DevSecOps Enablement

Ensure DevSecOps pipelines are onboarded and operationalized with appropriate security tooling, including:
- SCA (Software Composition Analysis)
- SAST (Static Application Security Testing)
- DAST (Dynamic Application Security Testing)
Provide consistent, automated application security coverage across builds and releases.
Support teams in integrating security controls into existing CI/CD workflows with minimal friction.

Application & AI Security

Reduce application and AI-specific security risks by embedding secure design and implementation patterns for:
- agent orchestration
- APIs and service integrations
- model interactions and data flows
Advise engineering teams on secure architecture and implementation best practices for modern and AI-enabled applications.

Security Tooling & Adoption

Enable rapid adoption of application security tooling (e.g. Checkmarx, Aikido, or similar).
Ensure security findings are:
- actionable
- properly prioritized
- trusted by engineering teams
Provide clear remediation guidance and support teams in resolving identified vulnerabilities.

Security Quality & Release Governance

Define and enforce security quality gates and risk thresholds within CI/CD pipelines.
Enable informed release decisions based on risk, without introducing manual approvals or delivery bottlenecks.
Continuously improve security controls based on threat trends, engineering feedback, and lessons learned.

Required Skills & Experience

Application Security & DevSecOps

Proven experience in Application Security Engineering or DevSecOps roles
Strong understanding of:
- secure application design principles
- OWASP Top 10
- common web and API vulnerabilities
Hands-on experience implementing and operating SAST, DAST, and SCA tooling

CI/CD & Engineering Collaboration

Experience working with modern CI/CD pipelines (e.g. GitHub Actions, GitLab CI, Azure DevOps, Jenkins)
Ability to embed security controls into pipelines without slowing development teams
Strong collaboration skills with software engineers and platform teams

Tooling & Automation

Experience with application security tools such as:
- Checkmarx
- Aikido
- or equivalent AppSec platforms
Ability to automate security checks and integrate findings into developer workflows

Nice-to-Have

Experience securing AI or ML-enabled applications
Familiarity with container and cloud-native environments
Knowledge of infrastructure-as-code security concepts
Experience defining risk-based release criteria in large engineering organizations

Staff Security Engineer

Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interes

infosec
engineer

Senior Product Security Analyst

We are seeking a highly capable and pragmatic Senior Product Security Analyst to safeguard our products, platforms, and customers as we scale. This is a senior individual

Senior
infosec
product manager
analyst
exec

[Wattpad] Senior Security Engineer

As a Sr. Security Engineer, you’ll be working closely with the Engineering, Data, and Product teams to embed security into the evolution of our systems. You will play a p

Senior
infosec
engineer

Senior Security Engineer - Incident Response

To learn the Hiring Ranges for this position, please select your location from the Apply Now dropdown menu. To learn more about our Hiring Range System, please click th

engineer
infosec

Application Security Engineer (DevSecOps)