Uspio LTD

Application Security Engineer

Not specified
  • Cyprus
  • Full-time employment
  • Full day
  • More than 6 years

We are looking for a strong Application Security Engineer ready to lead and build the AppSec function: someone who will drive secure engineering practices across product teams, implement SAST/DAST/SCA in CI/CD, lead threat modeling, introduce OWASP ASVS and AppSec maturity frameworks (BSIMM / SAMM / SDL), and shape our secure SDLC.

Responsibilities:

  • Develop and promote secure coding culture across developer teams.
  • Lead adoption of OWASP ASVS, define internal security standards and secure SDLC baselines.
  • Implement threat modeling and integrate it into design and development processes.
  • Lead implementation and continuous improvement of SAST, DAST, SCA in CI/CD.
  • Conduct developer training, workshops, and knowledge-sharing sessions.
  • Participate in architectural design, build security review processes for features and services.
  • Lead adoption of recognized AppSec maturity frameworks, such as BSIMM, OWASP SAMM, and Microsoft SDL, to guide the development, measurement, and continuous improvement of the organization’s application security program.
  • Collaborate with developer leads to embed security into planning and delivery.

Requirements:

  • 5+ years of experience in Application Security/Product Security.
  • Strong knowledge of OWASP Top 10 and API Security Top 10.
  • Hands-on experience with Burp Suite, OWASP ZAP, Acunetix.
  • Hands-on experience implementing the Vulnerability Management process.
  • Experience with SAST, SCA, and CI/CD security integration.
  • Programming skills in two or more of the following: PHP, JavaScript/TypeScript, Java, Python, Go, Node.js.
  • Understanding of REST, OAuth2, JWT.
  • Ability to influence developers and drive secure engineering practices.

Nice to have:

  • Mobile application security testing.
  • Bug bounty reports / CTF participation.
  • Exploit development.
  • Experience building or leading AppSec programs.
  • Experience with AppSec maturity models and frameworks (e.g., BSIMM, OWASP SAMM, Microsoft SDL) and applying them to define, implement, and improve secure software development practices.

Working conditions:

  • Competitive remuneration
  • Support in relocation to Cyprus
  • Convenient location in Limassol
  • Flexible start of the day
  • Paid leave of 21 days