Location: Remote / Europe
We are seeking a skilled Application Security Engineer to strengthen the security posture of web and API-based applications. The role focuses on integrating security into the SDLC, managing security tools, identifying vulnerabilities, and working closely with engineering teams to drive timely remediation.
Your expertise:
Bachelor’s degree in Computer Science, Information Security, or related field
3–6 years of experience in Application Security or related domain
Hands-on experience with SAST, DAST, and vulnerability scanning tools
Strong understanding of OWASP Top 10, web application and API security
Experience with CI / CD pipeline integrations (e.g., Jenkins, GitHub Actions, GitLab)
Knowledge of secure coding practices and common vulnerability patterns
Familiarity with scripting (Python, Bash, or similar) is a plus
Will definitely be a plus:
Experience with threat modeling and secure design reviews
Exposure to red teaming or penetration testing techniques
Relevant certifications (e.g., OSCP, CEH, GWAPT) are a plus
You will be involved into:
Application Security Engineering
Provide security engineering support for web and API applications
Integrate security controls into the Secure SDLC, including threat modeling and security design reviews
Ensure adherence to organizational security standards and best practices
Vulnerability Scanning & Tool Administration
Administer and manage vulnerability scanning tools (e.g., Tenable or similar)
Configure, tune, and maintain scanning policies and schedules
Optimize tool performance to improve accuracy and reduce false positives
SAST & DAST Integration
Implement and maintain SAST and DAST tools within CI / CD pipelines
Configure detection rules and improve result reliability
Collaborate with engineering teams to ensure seamless integration and actionable outputs
Vulnerability Discovery & Risk Prioritization
Identify and validate vulnerabilities through automated and manual testing
Perform false-positive analysis and assess exploitability
Provide risk-based prioritization aligned with business impact
Operational Execution & Remediation
Review scan results and track vulnerabilities to closure
Coordinate with development teams for timely remediation
Ensure adherence to defined workflows and SLAs
Red Team & Offensive Security Techniques
Validate vulnerabilities using manual testing and offensive security methods
Develop proof-of-concept exploits where required
Document attack paths, reproduction steps, and impact clearly
Security Testing & Bug Validation
Perform manual and automated security testing for applications and APIs
Reproduce and validate reported issues across environments
Verify remediation effectiveness before closure
About the company and project:
ZONE3000 is looking for an Application Security Engineer for our client — a leading global collaboration platform that is transforming the way people work together, from the smallest businesses to the largest enterprises. With over 500 million registered users across more than 180 countries, its products are designed to create a more enlightened way of working.
Відгукнутись на вакансію



