Application Security Engineer

Vacancy description
Barcelona, Spain
3 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Compensation
€ 60K

Job location

Barcelona, Spain

Tech stack

Software System Penetration Testing
Burp Suite
Code Review
Continuous Integration
DevOps
Open Web Application Security
Secure Coding
SonarQube
Software Security
Backend
GitLab CI
Production Code
Front End Software Development
API Design
Terraform
Jenkins
Static Application Security Testing
Dynamic Application Security Testing

Job description

  • Own and manage Bug Bounty programs: triage reports and validate findings.
  • Collaborate to propose and support remediation of security issues.
  • Write or review pull requests to fix security vulnerabilities.
  • Own and manage our Bug Bounty programs: triage reports, validate findings, and reproduce PoCs
  • Collaborate with developers and product owners to propose and support remediation of security issues
  • Write or review pull requests to fix security vulnerabilities directly in the codebase
  • Validate results from external pentests and integrate them into the development backlog
  • Contribute to threat modeling, code review, and security design discussions
  • Support the Secure Development Lifecycle (SAST, dependency scanning, security automation in CI/CD)
  • Perform lightweight pentesting of new features and releases when needed
  • Maintain clear documentation to support AppSec processes
  • Coordinate security communication between Security, Developers, and Product for faster resolution of security tickets

Requirements

Swapcard in Barcelona is looking for a developer with hands-on security experience to manage Bug Bounty programs. You will triage security reports and collaborate with developers to fix vulnerabilities.

The ideal candidate should have a solid grasp of application security and modern development practices. Strong problem-solving skills and communication are essential for this role.

Education

  • Previous experience as a developer (any modern backend/frontend stack).
  • Solid understanding of common application vulnerabilities (OWASP Top 10, SSRF, IDOR, etc.).
  • Strong problem-solving and communication skills with a "find and fix" mindset.
  • Hands-on security experience
  • Understanding of application vulnerabilities
  • Problem-solving skills
  • Familiarity with SAST/DAST tools
  • Experience collaborating with developers

Tools

  • Burp Suite
  • SonarQube
  • Terraform

Job description

Requirements

  • Previous experience as a developer (any modern backend/frontend stack)
  • Hands-on security experience through bug bounty programs, CTFs, or pentesting, and the respective tools (e.g. Burp Suite)
  • Solid understanding of common application vulnerabilities (OWASP Top 10, SSRF, IDOR, etc.)
  • Familiarity with SAST/DAST tools (e.g. SonarQube, Snyk)
  • Experience collaborating with developers and product teams
  • Strong problem-solving and communication skills with a "find and fix" mindset
  • (Desirable) Experience creating or merging PRs for security fixes in production code
  • (Desirable) Knowledge of secure coding practices in web and API development
  • (Desirable) Familiarity with CI (Jenkins, GitLab CI…) and DevOps tools (Terraform, Helm…)
  • (Desirable) Exposure to WAFs, anti-bot solutions, or related AppSec defenses
  • (Desirable) Interest in contributing to security automation and developer enablement
