Application Security Engineer (Cybersecurity)

TL;DR

Application Security Engineer (Cybersecurity): Implementing security controls and conducting vulnerability analysis across the software development lifecycle with an accent on DevSecOps and secure SDLC. Focus on performing secure code reviews, threat modelling, and integrating SAST/DAST/SCA tools into CI/CD pipelines.

Location: Hybrid, Porto, Portugal

Company

Specialized IT consulting partner with 18 years of experience helping clients make the right decisions in a fast-moving market.

What you will do

• Analyze, track, and remediate application vulnerabilities based on OWASP Top 10 and API Top 10.
• Implement and manage SAST, DAST, and SCA tools and interpret pentest results.
• Conduct secure code reviews and threat modelling.
• Secure cloud environments within AWS and Azure.
• Integrate security controls into CI/CD pipelines for modern microservices architectures.
• Collaborate with development, DevOps, and security teams to ensure robust security posture.

Requirements

• Professional experience in Application Security, DevSecOps, or Cybersecurity.
• Strong knowledge of Secure SDLC and vulnerability analysis.
• Hands-on experience with AWS and/or Azure cloud security.
• Experience with APIs and microservices architectures.
• Fluent English (spoken and written).
• Location: Must be based in or able to work hybrid in Porto, Portugal.

Culture & Benefits

• No-term full-time contract with health insurance.
• 26 days of paid vacation annually (including carnival and holiday days).
• Meal allowance provided via Coverflex and referral bonuses.
• Annual budget for professional training.
• Team-oriented culture within a dynamically growing international company.