Company hidden
6 days ago

Application Security Engineer

Work format
onsite
Employment type
fulltime
Grade
middle
English
b2
Country
Poland/Georgia/Bulgaria +1 more
Vacancy from Hirify RU Global, a list of companies with Eastern European roots

Job description

TL;DR

Application Security Engineer: Ensuring the security of applications throughout the SDLC by partnering with product teams, with an emphasis on threat modeling, manual code reviews, and vulnerability mitigation. Focus on tuning security tools, developing automation scripts, triaging bug bounty reports, and providing security consulting to developers.

Locations: Bulgaria, Georgia, Malta, Poland

Company

hirify.global is a growing company building secure software products.

What you will do

  • Partner with product teams on threat modeling and risk assessments during design.
  • Conduct manual code reviews on critical applications for logical vulnerabilities.
  • Tune automated security scanning tools to minimize false positives.
  • Develop scripts and tools to automate workflows.
  • Triage vulnerabilities from the bug bounty program and collaborate on resolutions.
  • Provide security consulting and knowledge sharing to Dev/QA teams.
  • Maintain the internal security knowledge base with coding guidelines.

Requirements

  • Intermediate or higher English (B2+) for technical communication.
  • 1.5+ years in application security, software development, or related roles.
  • Solid knowledge of web fundamentals (HTTP/HTTPS, cookies, sessions).
  • Understanding of web security (SOP, CORS, CSP) and OWASP Top 10 mitigations.
  • Expertise in secure architecture and manual vulnerability assessments.
  • Ability to explain business impact of security issues.
  • University degree in CS, InfoSec, or equivalent.

Nice to have

  • Programming passion.
  • Network/OS security knowledge.
  • DevSecOps experience.
  • Bug bounty/CTF participation.
  • SAST/DAST tools expertise.
  • Relevant certifications (BSCP, eWPT).

Culture & Benefits

  • Private insurance (depending on contract type).
  • Paid gym membership.
  • Comprehensive Mental Health Program.
  • Free English lessons and local language courses.
  • Paid time off (PTO) and maternity leave support.
  • Upskilling, workshops, conferences, referral rewards.
