Senior Application Security Engineer

About the Opportunity 

We are looking for a Senior Application Security Engineer to join our security team. You will play a key role in advancing and maturing our application security program by establishing secure development standards and embedding security throughout the entire software development lifecycle (SDLC). You will work closely with development, DevOps, and DevSecOps teams to ensure security is integrated from the outset, enabling the delivery of resilient and secure applications.

This position is fully-remote and requires to be permanently residing and authorized to work in Germany, France or United Kingdom.

Where You Will Make a Difference 

• Playing with and setting up tools like SAST, DAST, IAST, and RASP
• Managing vulnerabilities (keeping stuff patched and secure)
• Checking open-source code for security issues (OSA / SCA)
• Doing and improving code security reviews
• Hardening API security (REST, GraphQL)
• Doing threat modeling (STRIDE, PASTA, etc.) for new features
• Launching and running the bug bounty program! 
• Building a "Security Champions" program across the engineering teams
• Working with external teams on penetration tests
• Sharing your security knowledge with everyone
  

Who You Are

• Min. 5 years in AppSec or a similar security role
• Hands-on with SAST/DAST/IAST/RASP tools—especially Snyk and/or Acunetix

• Real-world experience with vulnerability management and threat modeling. (STRIDE, PASTA)
• Experience launching or managing a bug bounty program
• Experience with pentesting or working closely with pentest teams 
• Know your stuff when it comes to OWASP standards (ASVS, WSTG, etc.) and SSDLC principles
• Good at API security (REST, GraphQL)
• Can read and understand code in: PHP, JS, Go, C#, and C++ (especially Unity for desktop/mobile)
• Broad knowledge across application and infrastructure security
  
  

Nice to Have

• Security certs like OSCP, GWEB, CSSLP
• Experience with Unity / game engine security
• Familiar with cloud security (AWS, AliCloud)
• Know how to put security checks into CI/CD pipelines (GitHub Actions)
• Experience building a Security Champions program

Why Join Us 

• Awarded Best Managed Company of Switzerland by Deloitte in 2024 and 2025
• Bi-Annual Company Wide Trips (2023 Armenia 2025 Switzerland and more to come!) 
• Fully Remote Work from either Germany, UK or France
• High Flexibility 
• Employee-Focused Culture
• Innovative and Collaborative Team
• Great Working Conditions