Application Security Engineer (Cataluña)

Amaris Consulting in Spain, Cataluña is seeking a CISOC Application Security Engineer to enhance security practices within development workflows. The ideal candidate will have around 3 years of experience in DevSecOps or application security, strong analytical and communication skills, and hands-on experience with SAST tools and CI/CD pipelines.

The role offers personal growth through a tailored career path, remote work options, and benefits such as health insurance and training budget., * Implement and manage SAST tools, ensuring effective integration.

• Conduct security assessments using SAST tools.
• Train teams on secure coding best practices.

Conocimientos

DevSecOps Application Security SAST tools Secure coding practices CI/CD pipelines (Jenkins) Kubernetes/OpenShift Python PowerShell Bash Analytical skills Communication skills Descripción del empleo

Take your career to the next level with Amaris Consulting as a CISOC Application Security Engineer. Become part of an international team, thrive in a global group with €800M turnover and 1,000+ clients worldwide, and an agile environment by planning the kickoff and follow up on projects. Join Amaris Consulting, where you can develop your potential and make a difference within the company., * Implement and manage SAST tools across the organization, ensuring effective integration into development workflows

• Conduct security assessments of applications using SAST tools and support teams in remediation
• Train and guide development teams on SAST usage and secure coding best practices
• Contribute to the development and enforcement of application security policies, standards, and procedures
• Help to define and improve vulnerability management frameworks and working structures
• Research, classify, and analyze security events and vulnerabilities detected by tools and processes
• Act as a point of contact for managing and delivering various vulnerability and remediation reports
• Collaborate closely with IT and project stakeholders to deliver and implement technology solutions that improve productivity, processes, and security
• Work within the BI / reporting framework, following defined processes and ensuring compliant documentation according to SOPs and working instructions
• Present vulnerability management status and updates to risk & information security teams, technology SMEs, and management

Benefits

• Grow rapidly with a tailored career path and salary evaluation - 70% of our senior leaders started at entry level
• Enhance your skills through our Tech Academy catalog, Udemy E-learning Platform, language sessions, webinars, and workshops
• Take charge of your training with an annual personal budget and company-paid certifications
• Enjoy adaptable policies, remote work options, and social benefits such as transit and restaurant tickets, kindergarten support, and private health insurance
• Benefit from our WeCare program, supporting employees in critical situations

• Around 3 years of experience in DevSecOps or application security.
• Hands-on experience with SAST tools and CI/CD pipelines.
• Professional proficiency in English, additional languages are a plus., * Around 3 years of experience
• Strong background in DevSecOps and application security
• Hands-on experience implementing and managing SAST tools (Static Application Security Testing)
• Solid understanding of secure coding practices and software development lifecycles
• Experience working with CI/CD pipelines, ideally Jenkins
• Knowledge of container orchestration platforms such as Kubernetes and/or OpenShift
• Proficiency in scripting languages such as Python, PowerShell, or Bash
• Ability to collaborate closely with IT teams, developers, and security stakeholders
• Strong analytical skills to research, classify, and analyze security events and vulnerabilities
• Good communication skills to train, guide, and influence development teams and present to management
• A structured, documentation-oriented mindset, comfortable working with SOPs and defined processes
• Professional proficiency in English (spoken and written); additional languages are a plus