The Senior Application Security Engineer at airSlate will conduct comprehensive security testing of web, mobile, and network-based applications, performing security assessments, identifying risks, and advocating for necessary fixes in collaboration with product and engineering teams.
The role involves collaborating with product and compliance teams to ensure adherence to security standards and frameworks such as PCI DSS, SOC 2, and CASA, and assisting in audit and external assessment preparations.
The engineer will provide guidance on secure development practices at all stages of the Software Development Life Cycle (SDLC), including architecture reviews, threat modeling, and risk assessments to support secure-by-design solutions.
Responsibilities include managing and maintaining security automation tools such as SAST, DAST, SCA, and others, ensuring effective vulnerability detection, reporting, and integration into CI/CD workflows.
The position supports incident response efforts, including investigation, triage, containment, and post-mortem analysis across various scenarios (application-level, infrastructure, user-related, etc.).
The engineer will configure and monitor CDN, Web Application Firewalls (WAF), and bot management solutions to enhance application security.
The role requires applying a strong generalist security foundation to various tasks, including cloud security best practices (AWS/GCP), endpoint protection, user security awareness initiatives, development and enforcement of information security policies, and threat modeling and risk assessment methodologies (e.g., STRIDE).
Requirements:
A Bachelor's degree in a technical field such as Computer Science, Information Security, or Engineering from a technical university is required.
Candidates must have at least 4 years of professional experience in information security, application security, or a related domain.
Hands-on experience in performing security assessments and understanding system architecture is essential.
Strong communication skills are necessary to effectively collaborate and drive remediation efforts.
Experience with security automation tools and integrating them into CI/CD workflows is required.
Knowledge of compliance standards and frameworks is necessary for this role.
Proficiency in incident response and post-mortem analysis is expected.
The ability to provide security guidance throughout the SDLC is essential.
C1-level English proficiency (both written and spoken) is required.
Benefits:
The position offers a flexible work environment, prioritizing in-person collaboration while accommodating remote or hybrid options and flexible scheduling.
Team members receive a competitive base salary along with quarterly bonuses to recognize achievements, time, and effort.
Stock options are provided, granting ownership in the company and allowing team members to share in its growth.
Professional growth opportunities are available, including coverage for professional development courses, conferences, literature, and English classes.
Health and well-being are prioritized, with benefits including a Luxmed subscription, a Multisport card, access to the office's massage room, free lunches, and healthy in-office snacks. Mental Health Days are also provided to encourage team members to recharge.
Open communication is encouraged, allowing team members to share thoughts, ideas, and concerns with management and leadership at any time.