Application Security Engineer

Nebius
3 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate
Compensation
€ 10K

Job location

Remote

Tech stack

Java
JavaScript
Software System Penetration Testing
Authentication Protocols
Burp Suite
Python
Linux kernel
OpenID
Open Web Application Security
Systems Development Life Cycle
Security Assertion Markup Language (SAML)
Secure Coding
Software Engineering
Web Applications
Software Security
Kubernetes
Go

Job description

The Security Engineering Team within the Platform Security organization is responsible for the strategic selection, implementation, management, and optimization of cybersecurity tools and technologies that improve security capabilities of the organization's platform. This team is instrumental in fortifying the security posture, proactively identifying and responding to security threats, ensuring the resilience and protection of critical data, systems, and services., * Build and maintain ASPM tools and their rules.

  • Identify, analyze, and remediate application security vulnerabilities using tools like ASPM.
  • Collaborate with development teams to integrate security best practices into the software development lifecycle (SDLC).
  • Conduct manual and automated penetration testing of applications.
  • Develop and maintain secure coding guidelines for development teams.
  • Facilitate threat modeling and risk assessments on new and existing applications.
  • Stay updated on the latest security threats, vulnerabilities, and mitigation techniques.
  • Serve as an application security subject matter expert to other teams.

Requirements

Do you have experience in Security?, * 4+ years of experience in application security.

  • Strong knowledge of common application security risks (e.g. OWASP Top 10) and how to mitigate them.
  • Experience with secure coding practices in languages such as Python, Go, Java, or JavaScript.
  • Proficiency in a common programming language (such as Go or Python) with a willingness to learn Go, if necessary.
  • Hands-on experience with security testing tools (Burp Suite, ZAP, Semgrep, etc.).
  • Understanding of authentication protocols like SAML or OIDC.
  • Experience in conducting threat-modeling sessions.
  • Strong problem-solving and analytical skills.
  • Good written and verbal communication skills in English.
  • Willingness to learn new things.
  • Being comfortable working independently.

It would be an added bonus if you had:

  • Confidence in presenting your ideas and opinions in a manner that can be challenged, while responding well to feedback.
  • Deep k8s knowledge & understanding
  • Experience in designing, building, and maintaining security automation.
  • Experience in translating compliance and regulation requirements into technical specifications.
  • Experience in exploiting vulnerabilities in web applications, Linux kernels, containers, and networks.
  • Security certifications such as OSCP or OSWE.

We conduct coding interviews as part of the process.

Benefits & conditions

  • Competitive salary and comprehensive benefits package.
  • Opportunities for professional growth within Nebius.
  • Flexible working arrangements.
  • A dynamic and collaborative work environment that values initiative and innovation.

Apply for this position