Senior Application Security Engineer (Cybersecurity)

TL;DR

Senior Application Security Engineer (Cybersecurity): Architecting and implementing secure systems from cloud infrastructure to applications, enforcing "secure by design" principles and integrating security into CI/CD pipelines. Focus on security architecture, threat modeling automation, and ensuring product security during cloud migrations.

Location: The primary office is in Belgrade, Serbia. Global Remote Mobility is available for Senior roles in selected jurisdictions (Cyprus, Malta, Portugal, Poland, Serbia). A relocation package is offered for employees and their family members to these countries.

Company

hirify.global is a global company creating end-to-end tech products for clients across Fintech, iGaming, and Marketing.

What you will do

• Design security architecture from cloud infrastructure to applications using "secure by design" principles.
• Collaborate with product managers, architects, and developers to implement security controls within the platform and products.
• Prove security implementations in infrastructure and application deployment manifests and CI/CD pipelines.
• Define policies, controls, and capabilities for product and environment protection.
• Build and validate declarative threat models automation.
• Oversee product security for migration from Data Center to public cloud (e.g., AWS).

Requirements

• Experience integrating security scanning/tooling into the development pipeline.
• Experience analyzing and securing microservices and applications developed with JavaScript and Typescript.
• Experience with CI/CD pipelines (e.g., Gitlab, Jenkins) and infrastructure-as-code models (e.g., Terraform, Helm, CloudFormation).
• Hands-on development experience in Python/shell scripting.
• Strong understanding of supply chain security, software integrity, and secure software delivery.
• Experience with Docker and mesh technologies (e.g., ISTIO).

Nice to have

• In-depth experience with architecting secure services on Kubernetes.
• Extensive experience with architecting secure services on AWS or on-prem data centers.
• Security-related professional certifications (e.g., CISSP, CISM, CCSK, CCSP, CEH).
• Knowledge of privacy laws and regulations, such as GDPR.

Culture & Benefits

• Learning and development opportunities.
• Partial compensation for Spanish classes (for localization purposes).
• Global coverage health insurance.
• 23 working days of annual vacation and additional paid sick days.
• Competitive remuneration level with annual review.
• Teambuilding activities.