Senior Application Security Engineer

TL;DR

Senior Application Security Engineer: Embed security into SDLC, conduct threat modeling and secure code reviews for subscription commerce platform with an accent on practical AppSec practices and tooling integration. Focus on identifying vulnerabilities early, automating security checks in CI/CD, and enabling engineering teams through training and guidance.

Location: Fully remote (work-from-anywhere scheme), Greece mentioned

Company

Global leader in subscription commerce platform automating workflows for IT distributors, MSPs, and telcos.

What you will do

• Integrate security across all SDLC phases and partner with engineering teams on secure practices.
• Run threat modeling sessions using STRIDE to identify threats and ensure secure-by-design principles.
• Perform security-focused code and architecture reviews with actionable guidance.
• Conduct manual and automated web app security testing and improve AppSec tooling like SAST, DAST, SCA.
• Integrate security checks into CI/CD pipelines and support incident response.
• Enable engineers via training, documentation, and secure coding guidelines.

Requirements

• Strong understanding of secure software development principles.
• Solid knowledge of OWASP Top 10 and CWE vulnerabilities.
• Experience with modern SDLCs, agile workflows, and AppSec tools (SAST, DAST, SCA).
• Hands-on web application security testing and CI/CD security integration.
• Ability to assess risks, prioritize remediation, and work with cloud-native architectures, APIs, microservices.
• Background collaborating closely with product and engineering teams.

Nice to have

• Exposure to security metrics, maturity models, or AppSec program building.

Culture & Benefits

• Fully remote work with work-from-anywhere scheme including travel.
• Flexible working hours.
• Health and life insurance program.
• Learning & development budget.
• Tech-driven, friendly international team.