We are looking for a Senior Application Security Specialist to work in a high-technology environment with a strong culture of collaboration, innovation, and security.

What you will do

• Work with AppSec, Secure Coding, and DevSecOps
• Conduct in-depth security analyses of APIs
• Support code reviews in Java, Python, .NET or other relevant languages
• Conduct security assessments in cloud and cloud-native environments
• Collaborate with development, engineering, and product teams
• Translate technical risks into practical and actionable recommendations

Requirements and qualifications

• Solid experience in Application Security
• Mastery of OWASP Top 10, OWASP ASVS, OWASP MASVS and API Security Top 10
• Experience with SAST, DAST, and SCA
• Experience with tools such as Checkmarx, GitLab Security, Snyk, Veracode, Fortify, SonarQube or Blackduck
• Knowledge in AWS and Azure
• Experience with threat modeling using STRIDE
• Familiarity with security practices in CI/CD
• Knowledge in TLS, secure hashing, secure storage, OAuth2, OIDC, JWT, and mTLS
• Experience with secure architectures, such as Zero Trust and Defense in Depth

Desirable differentials

• Participation in pentests, vulnerability exploitation, or bug bounty
• Experience with GraphQL and complex microservices
• Knowledge in IaC scanners, such as Checkov, Tfsec, and Kics
• Knowledge in container scanners, such as Trivy, Anchore, and Clair
• Certifications such as OSWE, OSCP, GWAPT, GWEB, eWPT, eCPPT, CEH, CSSLP
• Cloud certifications, such as Security Specialty or AZ-500

Expected soft skills

• Critical thinking and analytical vision
• Good communication to translate technical topics into risks and solutions
• Ability to influence and engage with different areas
• Organization to handle multiple demands
• Collaborative posture, focused on mentoring and building trust

Apply

If you have experience with AppSec and want to work in a team that values technical depth, collaboration, and real security, we want to get to know your profile.