Application Security (AppSec) Engineer

TL;DR

Application Security (AppSec) Engineer: Implement SSDLC with development teams and analyze security of web/mobile products with an accent on vulnerability remediation and current threat protection. Focus on building secure development processes, conducting white box testing, and developing code protections against emerging threats.

Location: Lisbon, Portugal (office-first, remote up to 52 days per year)

Company

International tech-centric group of e-commerce companies including shopping platform, B2B marketplace, data analytics, and pharmaceutical marketplace; offices in China, Brazil, Portugal, Latvia, Germany; headquarters in Lisbon.

What you will do

• Implement SSDLC practices with development teams
• Analyze security of company products
• Assist teams in addressing and remediating vulnerabilities
• Stay informed on current threats and develop corresponding code protections

Requirements

• 3+ years in web/mobile application security
• Experience securing mobile and web applications
• Experience building secure development processes (SSDLC)
• Experience with white box testing
• Knowledge of *NIX systems and basic network protocols

Nice to have

• Experience in bug bounty programs
• Relevant information security certifications (e.g., OSCP, CompTIA Security+)
• CVE authorship
• Proficiency in Go, Python, or Java

Culture & Benefits

• Office-first with flexible hours, remote 52 days/year, 22 days paid annual leave
• Health insurance (including dental) for employees and children, daily meal allowance, 100% paid sick leave
• Collaboration across Portugal, Brazil, Latvia, China; promotions, professional trainings, English courses
• Annual team building, knowledge-sharing workshops, strong team work