Application Security Engineer

TL;DR

Application Security Engineer (PHP/JavaScript/AWS): Securing web application and AWS-native infrastructure with an accent on embedding security into SDLC, bot protection, and vulnerability management. Focus on designing controls, CI/CD integration, threat modeling, secure code reviews, and compliance efforts.

Location: Join hirify.global IT team in Porto with remote work option

Salary: €60,000–€75,000 gross annual

Company

SaaS platform hirify.global.com focused on employer reviews and user trust.

What you will do

• Design, implement, and improve application security controls for PHP/JavaScript web app
• Embed security into CI/CD pipelines using GitHub Actions
• Perform secure code reviews, threat modeling, and architecture reviews
• Analyze traffic, detect bots/scraping, and define AWS WAF/Shield protections
• Operate SAST/DAST/dependency scanning and automated security tests
• Collaborate on securing AWS workloads (ECS, ALBs, Lambdas) and monitor security events
• Lead vulnerability management, shape policies, support incident response and compliance

Requirements

• Fluent in English
• Strong experience in application security for PHP web apps
• Web security fundamentals (OWASP Top 10, auth, sessions, input validation)
• Hands-on with AWS security: Security Hub, GuardDuty, CloudTrail, WAF & Shield
• Securing ECS (EC2/Fargate), ALBs, Lambdas
• SAST/DAST/dependency tools (Snyk, Dependabot, Trivy, OWASP ZAP, Burp)
• Secure design patterns, CI/CD security tests, GitHub Actions, scripting (Bash/Python)
• Strong communication for developer collaboration

Nice to have

• Portuguese language skills

Culture & Benefits

• Remote work option and up to 12 weeks workation
• Trust-based working hours and communication on equal terms
• Bring your dog to office, mobile devices for private use
• Drinks, food, goodies, transparent competitive salary
• Board Q&A sessions