Application Security Engineer

A global cloud subscription commerce platform that helps IT distributors, MSPs, and telcos streamline the entire SaaS lifecycle, from catalog and billing to vendor integrations and provisioning, is seeking an Application Security Engineer to embed security into the way modern software is designed, built, and operated.

The role

This role focuses on making security a natural part of everyday engineering — not an afterthought. You will work closely with product and engineering teams to identify risks early, strengthen secure-by-design practices, and continuously improve application security across the SDLC, in a hands-on AppSec role close to the code, architecture, and delivery pipelines. You will embed security practices across all phases of the SDLC (design, development, testing, deployment), partner with engineering teams to ensure secure development practices are consistently applied, run threat modeling sessions (e.g. STRIDE) to identify attack paths and design risks, and perform security-focused code and architecture reviews. You will conduct manual and automated web application security testing, operate and improve AppSec tooling (SAST, DAST, SCA, secrets scanning), and integrate and automate security checks within CI/CD pipelines. You will also track security metrics to drive continuous improvement of the AppSec program, support incident response, vulnerability triage, and root cause analysis, enable developers through training, documentation, and secure coding guidelines, and act as a trusted security partner to engineering teams.

What You'll Bring

• Strong understanding of secure software development principles.

• Solid knowledge of common vulnerabilities (OWASP Top 10, CWE).

• Experience working within modern SDLCs and Agile environments.

• Hands-on experience with application security tools (SAST, DAST, SCA).

• Experience with web application security testing.

• Ability to assess risk pragmatically and prioritize remediation.

• Understanding of cloud-native architectures, APIs, and microservices

Nice to Have

• Experience integrating security tooling into CI/CD pipelines.

• Background working closely with product and engineering teams.

• Exposure to security metrics, maturity models, or building AppSec programs.

What’s In It for You

Opportunity to shape and mature an application security program in a hands-on role with real impact on product and architecture decisions. You will collaborate closely with experienced product and engineering teams, gaining exposure to modern cloud-native and SaaS architectures, within a culture that values security enablement rather than gatekeeping.