Senior Application Security Engineer (AppSec)

TL;DR

Senior Application Security Engineer (AppSec): Integrating security into the SDLC, design, and operation of a subscription commerce platform with an accent on threat modeling and secure-by-design practices. Focus on automating security checks in CI/CD pipelines and performing manual and automated web application security testing.

Location: Remote (Must be based in Romania)

Company

hirify.global enables IT distributors, MSPs, and telcos to succeed in the subscription economy via an automated subscription commerce platform.

What you will do

• Integrate security activities across all SDLC phases from requirements to maintenance.
• Conduct threat modeling sessions (e.g., STRIDE) to identify attack paths and insecure patterns.
• Perform security-focused code and architecture reviews to provide actionable guidance.
• Operate and tune AppSec tooling (SAST, DAST, SCA) and automate checks within CI/CD pipelines.
• Support incident response, triage, and root cause analysis for security vulnerabilities.
• Develop secure coding guidelines and provide training to engineering teams.

Requirements

• Strong understanding of secure software development and OWASP Top 10/CWE.
• Hands-on experience with AppSec tools such as SAST, DAST, and SCA.
• Experience integrating security tooling into CI/CD pipelines.
• Proficiency in web application security testing.
• Knowledge of cloud-native architectures, APIs, and microservices.
• Must be based in Romania.

Nice to have

• Exposure to security metrics, maturity models, or AppSec program building.

Culture & Benefits

• Fully remote work with a work-from-anywhere scheme.
• Flexible working hours.
• Health and life insurance program.
• Dedicated learning and development budget.
• International, tech-driven team environment.