We are looking for an Application Security Engineer to join the Application Security team of one of the largest financial institutions in Ukraine.
This role is a great fit for a professional who enjoys working in a dynamic environment, takes ownership of results, and shares the values of initiative, openness, and mutual trust.
The key focus of the role is to develop and scale secure software development practices across the organization, including Secure SDLC, AppSec Governance, security automation, threat modeling, and security architecture.
Requirements
- 3+ years of experience in Application Security or related areas such as penetration testing, security architecture, DevSecOps, or product security.
- Understanding of security scanners, including SAST, DAST, SCA, Secret Detection, and Container scanning.
- Experience with or understanding of integrating security tools into CI/CD pipelines, particularly Jenkins or GitLab.
- Knowledge of Secure Software Development Life Cycle and frameworks such as OWASP SAMM, BSIMM, and Microsoft SDL.
- Understanding of the software development process and its key stages.
- Basic understanding of software code and software architecture.
- Knowledge of key infrastructure components such as databases, queues, application servers, load balancers, NoSQL, etc.
- Understanding of major vulnerability types and approaches to identifying and mitigating them.
- Knowledge of network protocols such as DNS, HTTP/S, SMTP, SSH, and FTP.
- Ability to independently research information, solve complex problems, and propose practical solutions.
- Critical thinking and a structured approach to work.
Nice to have:
- Certifications such as CEH, OSCP, CSSLP, AWS Certified Security Specialty, or similar.
- Background in software development, business/system analysis, architecture, or DevOps.
Responsibilities
- Conduct security audits using the OWASP SAMM framework to assess current practices, identify gaps, and evaluate the organization’s AppSec maturity level.
- Develop and implement strategic plans to gradually improve security maturity across the organization.
- Develop Application Security Governance and related metrics.
- Collaborate with development teams, architects, DevOps, and management to promote and implement AppSec best practices.
- Improve the internal Application Security Management Platform.
- Contribute to security architecture and integrate security across all stages of the SDLC.
- Integrate and improve security automation tools.
- Oversee security testing across different stages of the software development lifecycle.
- Participate in threat modeling activities.
- Update security policies and standards and support compliance with relevant requirements.
- Track security-related defects and ensure timely remediation.
- Develop and conduct training and awareness programs for teams.
- Drive secure CI/CD practices across the development process.
- Use cloud services for application security needs.
We offer
- Work in one of the largest and most innovative financial institutions in Ukraine.
- Official employment.
- 24+4 calendar days of vacation.
- Paid sick leave.
- Medical insurance.
- Bonuses and premiums according to the company policy.
- Corporate training.
- A modern and comfortable office.
- Interesting projects, ambitious tasks, and dynamic growth.
- Corporate financial assistance in critical situations.
- A strong, professional, and friendly team.
- Possibility of remote work.